Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

multiple csrss.exe, high cpu, unresponding AOL. Thank you in advance&#


  • This topic is locked This topic is locked

#1
adamsmom

adamsmom

    New Member

  • Member
  • Pip
  • 8 posts
Hello. Thank you in advance for any help.

For about a month, computer has been slow and freezing up. Got a message from Norton that it blocked a high risk trojan about a month ago, but Norton claimed to fix the issue. Since then computer or browsers need to be restarted often from freezing up. Goes slow. Couple times a small window popped up (type where windows normally gives you message or asks permission) but its blank.

Everytime I start up computer, I go through task manager and close things out to try to speed things up. I have about 5 svshost local's, (2) csrss.exe files (2) atievexx.exe. If I close the csrss.exe files I get a blue screen. One is located in the sys32 file the other is in c:\windows\winsxs\amd64_........ there are also others in a winsxs back up and syswow file. Not sure if that's normal.

Thank you in advance for your help!! Below is the OTLtxt information. It also gave me a file called Extras.
OTL logfile created on: 9/24/2011 11:58:14 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\econtent\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.64% Memory free
7.69 Gb Paging File | 5.97 Gb Available in Paging File | 77.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.71 Gb Total Space | 367.89 Gb Free Space | 81.44% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 1.76 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Computer Name: ECONTENT-PC | User Name: econtent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/24 11:57:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\econtent\Downloads\OTL.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/11/24 14:40:59 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
PRC - [2010/11/24 14:40:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
PRC - [2010/11/22 17:19:45 | 002,201,936 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
PRC - [2010/10/18 14:08:40 | 000,039,240 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2010/07/23 11:50:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1292114936\ee\aolsoftware.exe
PRC - [2009/01/21 17:23:16 | 000,210,216 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/02 20:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/24 14:40:59 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\zlib.dll
MOD - [2010/11/24 14:40:49 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\components\Tier2Svc.dll
MOD - [2010/11/24 14:40:49 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\components\DataSvcs.dll
MOD - [2008/12/25 15:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/11/26 19:13:08 | 000,263,560 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2008/11/26 19:13:08 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2008/11/26 19:13:08 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/12/10 09:04:58 | 000,935,424 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/09/26 14:13:54 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/09/26 14:13:24 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2009/12/21 16:53:53 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/08 04:34:10 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Stopped] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/12/02 20:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/26 19:13:08 | 000,296,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/02 17:13:37 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 19:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/02/14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2009/12/21 16:48:28 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/01 05:51:12 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFNVsp.sys -- (ATMFNVsp)
DRV:64bit: - [2009/10/01 05:51:12 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFMdm.sys -- (ATMFMdm)
DRV:64bit: - [2009/10/01 05:51:12 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFCVsp.sys -- (ATMFCVsp)
DRV:64bit: - [2009/10/01 05:51:12 | 000,133,632 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFNET.sys -- (ATMFNET)
DRV:64bit: - [2009/10/01 05:51:12 | 000,063,488 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFBUS.sys -- (ATMFBUS)
DRV:64bit: - [2009/10/01 05:51:12 | 000,015,872 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFFLT.sys -- (ATMFFLT)
DRV:64bit: - [2009/10/01 05:51:10 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFVsp.sys -- (ATMFVsp)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/12/10 10:31:26 | 004,993,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/11/10 14:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/10/27 19:40:02 | 001,164,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/09/26 14:14:14 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/28 17:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 00:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 06:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2011/09/09 12:44:05 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/09/03 18:41:03 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110923.025\EX64.SYS -- (NAVEX15)
DRV - [2011/09/03 18:41:03 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/03 18:41:03 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110923.025\ENG64.SYS -- (NAVENG)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110923.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/07/28 11:07:55 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/20 17:58:29] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Web Search (powered by Google)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.13
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.11.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..keyword.URL: "http://search.toolba...Mb15JWE00Ow&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\econtent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\econtent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/08/17 16:21:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011/09/24 11:48:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/13 20:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/23 21:18:28 | 000,000,000 | ---D | M]

[2010/01/28 11:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\econtent\AppData\Roaming\Mozilla\Extensions
[2011/09/21 19:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions
[2010/12/01 10:03:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/11 14:50:02 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/08/13 16:09:59 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/09/10 07:53:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/21 15:55:17 | 000,000,000 | ---D | M] (Faves) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\[email protected]
[2011/08/02 17:53:23 | 000,000,000 | ---D | M] (LinkBuilder) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\[email protected]
[2011/08/02 17:53:25 | 000,000,000 | ---D | M] (Shareaholic) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\[email protected]
[2011/08/02 17:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\[email protected]\chrome
[2011/08/02 17:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\[email protected]\defaults
[2011/08/02 17:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\[email protected]\modules
[2011/08/02 17:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\[email protected]\chrome
[2011/08/02 17:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\extensions\[email protected]\defaults
[2010/12/11 20:01:44 | 000,002,352 | ---- | M] () -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\searchplugins\aol-search.xml
[2011/01/10 20:22:30 | 000,002,470 | ---- | M] () -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\searchplugins\safesearch.xml
[2011/08/18 16:43:41 | 000,001,538 | ---- | M] () -- C:\Users\econtent\AppData\Roaming\Mozilla\Firefox\Profiles\1mu5jf95.default\searchplugins\web-search-powered-by-google.xml
[2011/08/03 09:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/16 20:00:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/24 11:48:13 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_1_3
[2011/08/17 16:21:00 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\ECONTENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MU5JF95.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\USERS\ECONTENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MU5JF95.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ECONTENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MU5JF95.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ECONTENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MU5JF95.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ECONTENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MU5JF95.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ECONTENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MU5JF95.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ECONTENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MU5JF95.DEFAULT\EXTENSIONS\[email protected]
[2011/09/10 13:14:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/19 08:35:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/04/19 08:35:59 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2011/03/17 17:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/16 20:00:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/17 17:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/20 10:18:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\econtent\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\econtent\AppData\Local\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\econtent\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Personal Blocklist (by Google) = C:\Users\econtent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\1.7_0\

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1292114936\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [IBP] File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0E07E6-54A3-4596-9059-EFC3C3532429}: DhcpNameServer = 192.168.15.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1E050B2-1875-49BB-A784-3CE1E9BB56C6}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\econtent\Pictures\2010-09-10_12-05-34_193.jpg
O24 - Desktop BackupWallPaper: C:\Users\econtent\Pictures\2010-09-10_12-05-34_193.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{71d7300a-3cd6-11df-b25a-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{71d7300a-3cd6-11df-b25a-00038a000015}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{beeaf9fa-d818-11e0-b232-ca011f7ec84b}\Shell - "" = AutoRun
O33 - MountPoints2\{beeaf9fa-d818-11e0-b232-ca011f7ec84b}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{c2dc51fa-d8d4-11e0-a567-e82bd520cc49}\Shell - "" = AutoRun
O33 - MountPoints2\{c2dc51fa-d8d4-11e0-a567-e82bd520cc49}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{e2e0457e-1fbe-11df-9297-00038a000015}\Shell\AutoRun\command - "" = F:\Connect.exe
O33 - MountPoints2\{f1f7b803-b1d8-11df-aa50-ec20cd1f4623}\Shell - "" = AutoRun
O33 - MountPoints2\{f1f7b803-b1d8-11df-aa50-ec20cd1f4623}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 21:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/23 21:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/09/23 21:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/09/23 11:42:47 | 000,000,000 | ---D | C] -- C:\Users\econtent\Documents\forsalewatch
[2011/09/14 20:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZW Software Upgrade Assistant - LG
[2011/09/13 20:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/09/06 18:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2011/09/06 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2011/09/03 18:13:01 | 000,000,000 | ---D | C] -- C:\Users\econtent\AppData\Roaming\Tific
[2011/09/02 14:58:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2011/08/26 23:29:55 | 000,000,000 | ---D | C] -- C:\Users\econtent\Documents\Nancy's reviews
[3 C:\Users\econtent\Documents\*.tmp files -> C:\Users\econtent\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/24 12:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/24 11:47:15 | 000,000,680 | ---- | M] () -- C:\Users\econtent\AppData\Local\d3d9caps.dat
[2011/09/24 11:46:58 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/24 11:46:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 11:46:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 11:46:39 | 000,335,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/24 11:46:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/24 11:30:42 | 620,211,361 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/24 10:31:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4220293281-52865913-2923672869-1000UA.job
[2011/09/24 09:27:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/23 13:22:39 | 000,010,874 | ---- | M] () -- C:\Users\econtent\.recently-used.xbel
[2011/09/23 11:42:47 | 000,054,040 | ---- | M] () -- C:\Users\econtent\Documents\forsalewatch.zip
[2011/09/23 09:31:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4220293281-52865913-2923672869-1000Core.job
[2011/09/22 10:30:21 | 000,870,128 | ---- | M] () -- C:\Users\econtent\AppData\Roaming\mcs.rma
[2011/09/22 10:30:21 | 000,000,004 | ---- | M] () -- C:\Users\econtent\AppData\Roaming\3E3366
[2011/09/20 18:32:54 | 000,002,019 | ---- | M] () -- C:\Users\econtent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/20 18:32:53 | 000,002,057 | ---- | M] () -- C:\Users\econtent\Desktop\Google Chrome.lnk
[2011/09/15 21:45:54 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/15 21:45:53 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/15 21:45:53 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/15 18:15:09 | 000,002,427 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/09/07 09:15:11 | 000,189,724 | ---- | M] () -- C:\Users\econtent\Documents\Order43788.pdf
[2011/09/05 16:33:09 | 000,085,975 | ---- | M] () -- C:\Users\econtent\Documents\couponrequests0905.csv
[2011/09/05 12:37:49 | 000,062,124 | ---- | M] () -- C:\Users\econtent\FREESTUFFANDSAMPLES[1].pdf
[2011/08/30 09:31:06 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForecontent.job
[2011/08/28 20:38:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/08/28 20:38:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/08/28 20:37:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/08/28 20:37:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/08/28 20:33:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/08/28 20:33:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[3 C:\Users\econtent\Documents\*.tmp files -> C:\Users\econtent\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/23 21:11:51 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/09/23 13:36:08 | 620,211,361 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/23 13:22:39 | 000,010,874 | ---- | C] () -- C:\Users\econtent\.recently-used.xbel
[2011/09/23 11:42:46 | 000,054,040 | ---- | C] () -- C:\Users\econtent\Documents\forsalewatch.zip
[2011/09/14 20:13:33 | 000,002,427 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/09/07 09:15:10 | 000,189,724 | ---- | C] () -- C:\Users\econtent\Documents\Order43788.pdf
[2011/09/05 16:32:58 | 000,085,975 | ---- | C] () -- C:\Users\econtent\Documents\couponrequests0905.csv
[2011/09/05 12:37:49 | 000,062,124 | ---- | C] () -- C:\Users\econtent\FREESTUFFANDSAMPLES[1].pdf
[2011/08/28 20:38:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/08/28 20:38:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/08/28 20:37:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/08/28 20:37:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/08/28 20:33:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/08/28 20:33:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/08/07 17:29:15 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/10 14:58:23 | 000,002,234 | ---- | C] () -- C:\Users\econtent\AppData\Roaming\SAS7_000.DAT
[2010/12/11 14:27:25 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/08/20 15:57:12 | 000,047,628 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2010/08/17 09:09:24 | 000,000,680 | ---- | C] () -- C:\Users\econtent\AppData\Local\d3d9caps.dat
[2010/07/30 18:58:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/07/30 18:57:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/07/30 18:56:59 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/07/29 14:31:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/08 12:05:47 | 000,000,031 | ---- | C] () -- C:\Windows\WebUpdateSvc4.INI
[2010/03/24 14:32:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/10 18:53:06 | 000,019,456 | ---- | C] () -- C:\Users\econtent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 12:06:10 | 000,870,128 | ---- | C] () -- C:\Users\econtent\AppData\Roaming\mcs.rma
[2009/11/10 12:06:10 | 000,000,004 | ---- | C] () -- C:\Users\econtent\AppData\Roaming\3E3366
[2009/10/29 14:32:13 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/20 19:52:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/08 02:15:12 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/08 02:04:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/01/08 04:34:12 | 000,418,008 | ---- | C] () -- C:\Windows\SysWow64\WuWUI.exe
[2008/12/10 08:28:16 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/04/19 08:35:54 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\Catalina Marketing Corp
[2009/11/04 15:22:23 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\CoffeeCup Software
[2009/11/09 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/31 21:31:55 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\Cricket
[2010/11/20 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\EurekaLog
[2010/07/27 13:00:58 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\funkitron
[2009/10/15 23:52:01 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\Gamelab
[2011/09/15 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\gtk-2.0
[2011/01/30 18:08:35 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\IBP
[2010/11/03 08:16:23 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\iWin
[2010/07/27 12:36:28 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\Ludia
[2009/10/16 14:30:52 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\MSNInstaller
[2009/11/10 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\muvee Technologies
[2011/05/10 14:22:50 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\Nuance
[2011/09/03 18:13:01 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\Tific
[2011/02/23 15:37:27 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\TrafficMonarch
[2011/02/17 09:01:48 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\ubot
[2010/11/16 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\econtent\AppData\Roaming\webex
[2011/09/24 09:27:22 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:0FF263E8

< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello adamsmom and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKCU..\Run: [IBP] File not found
    O33 - MountPoints2\{71d7300a-3cd6-11df-b25a-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{71d7300a-3cd6-11df-b25a-00038a000015}\Shell\AutoRun\command - "" = F:\start.exe
    O33 - MountPoints2\{beeaf9fa-d818-11e0-b232-ca011f7ec84b}\Shell - "" = AutoRun
    O33 - MountPoints2\{beeaf9fa-d818-11e0-b232-ca011f7ec84b}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O33 - MountPoints2\{c2dc51fa-d8d4-11e0-a567-e82bd520cc49}\Shell - "" = AutoRun
    O33 - MountPoints2\{c2dc51fa-d8d4-11e0-a567-e82bd520cc49}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O33 - MountPoints2\{e2e0457e-1fbe-11df-9297-00038a000015}\Shell\AutoRun\command - "" = F:\Connect.exe
    O33 - MountPoints2\{f1f7b803-b1d8-11df-aa50-ec20cd1f4623}\Shell - "" = AutoRun
    O33 - MountPoints2\{f1f7b803-b1d8-11df-aa50-ec20cd1f4623}\Shell\AutoRun\command - "" = G:\setup.exe -a
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\start.exe

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
Step 3

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
  • VRT log
It would be helpful if you could post each log in separate post
  • 0

#3
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP