Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

iexplore.exe process often uses 100% CPU [Closed]


  • This topic is locked This topic is locked

#31
Opa the Openminded

Opa the Openminded

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Agent ST your detailed instructions on updating Java were very helpful, thank you for that! I am unsure of the severity of this message, but after completely updating Java and restarting my computer I received a pop-up message which stated:

Microsoft JScript compilation error: Syntax error

The only option was to select OK and then it dissapeared. As for Adobe, before I install it I was curious of a couple things. Under "Add or Remove Programs" it shows that I have the following Adobe related programs:

Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Adobe Shockwave Player

Should I delete all of the above, and then continue with downloading the latest Adobe software through their website?
  • 0

Advertisements


#32
Opa the Openminded

Opa the Openminded

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OTL Fix Log:



All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Vicki\My Documents\Downloads\RegistryEasy_Setup005.exe moved successfully.
C:\Downloads\RiskII-dm[1].exe moved successfully.
C:\Program Files\LimeWire\The Grouch show you the world.mp3 moved successfully.
C:\Program Files\LimeWire\DIABLO 2 CD-Key + NoCD Patch\diablo2noCD108all folder moved successfully.
C:\Program Files\LimeWire\DIABLO 2 CD-Key + NoCD Patch folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jason\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jason\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Games
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jason
->Temp folder emptied: 104465 bytes
->Temporary Internet Files folder emptied: 49415744 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 790 bytes

User: Kristy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Vicki
->Temp folder emptied: 741081 bytes
->Temporary Internet Files folder emptied: 115584093 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 2278 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 752783 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 445000 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 159.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Games
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Jason
->Flash cache emptied: 0 bytes

User: Kristy

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Vicki
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11012011_045327

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#33
Opa the Openminded

Opa the Openminded

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
As for the current status of my computer, it was still running fairly slowly prior to the updates and running the OTL, but I will have to experiment with it later today to see how it is doing now. Thank you for your continuous help with this, I have actually been inspired to apply for GeekU myself when this is all said and done.



OTL Scan Log:



OTL logfile created on: 11/1/2011 5:11:25 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 163.54 Mb Available Physical Memory | 32.07% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 71.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 11.95 Gb Free Space | 16.83% Space Free | Partition Type: NTFS

Computer Name: VICKID9YYCZ61 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 14:30:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
PRC - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/10/07 18:46:50 | 002,497,864 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/25 20:43:20 | 000,986,936 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
PRC - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/26 12:39:04 | 000,118,784 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2004/01/07 00:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 16:38:46 | 001,604,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110100\algo.dll
MOD - [2011/10/29 09:21:15 | 000,239,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110100\aswRep.dll
MOD - [2011/05/25 20:43:26 | 001,764,664 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\Socket\Export.dll
MOD - [2011/05/25 20:43:24 | 004,284,728 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\Socket\Adaptor.dll
MOD - [2011/05/25 20:43:24 | 002,086,200 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\GuiListener\export.dll
MOD - [2011/05/25 20:43:24 | 000,339,768 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\RemoteDesktop\Export.dll
MOD - [2011/05/25 20:43:24 | 000,328,504 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\EventMonitor\export.dll
MOD - [2011/05/25 20:43:24 | 000,126,776 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\EventMonitor\EventMonitor.dll
MOD - [2011/05/25 20:43:24 | 000,049,976 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\RemoteDesktop\ShHook.dll
MOD - [2011/05/25 20:43:22 | 001,131,320 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS_RES.dll
MOD - [2011/05/25 20:43:22 | 000,464,184 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\CRF\export.dll
MOD - [2011/05/25 20:43:20 | 000,019,768 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLANG.dll
MOD - [2004/04/11 18:57:44 | 000,040,960 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DirWatcher.dll
MOD - [2003/07/29 06:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBCPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2010/04/14 07:16:16 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/01/26 12:39:04 | 000,118,784 | ---- | M] (Visioneer Inc) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 18:48:04 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 18:48:02 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 18:48:02 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdhlp.sys -- (cmdHlp)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/31 03:00:11 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/07/31 02:42:50 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/06/15 21:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0847}:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {3797B287-C572-4102-8A9C-132E61BEB95D}:1.0
FF - prefs.js..extensions.enabledItems: {83109441-5AC6-4BFE-8DEA-ED07639468C0}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ksolo.com/AVX: C:\Program Files\kSolo\npAVX.dll (kSolo, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Vicki\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3797B287-C572-4102-8A9C-132E61BEB95D}: C:\Documents and Settings\Jason\Local Settings\Application Data\{3797B287-C572-4102-8A9C-132E61BEB95D}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{83109441-5AC6-4BFE-8DEA-ED07639468C0}: C:\Documents and Settings\Vicki\Local Settings\Application Data\{83109441-5AC6-4BFE-8DEA-ED07639468C0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/05/14 16:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/11 21:51:49 | 000,000,000 | ---D | M]

[2008/12/17 22:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions
[2010/03/07 01:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\hq0x1lal.default\extensions
[2010/03/07 01:50:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\hq0x1lal.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/23 23:29:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\hq0x1lal.default\extensions\[email protected]
[2011/10/25 23:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/28 18:28:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\APPLICATION DATA\{3797B287-C572-4102-8A9C-132E61BEB95D}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VICKI\LOCAL SETTINGS\APPLICATION DATA\{83109441-5AC6-4BFE-8DEA-ED07639468C0}
[2010/05/14 16:21:12 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAM FILES\IWIN GAMES\FIREFOX
[2010/06/17 21:03:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/01 04:53:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://134.139.136.21/VatDec.cab (VatCtrl Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1273054495634 (WUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://targetphoto.k..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://targetphoto.k..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://www.taxsimpl...tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96486288-8BF8-4BB6-8A38-779EB18FC612}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96486288-8BF8-4BB6-8A38-779EB18FC612}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: (c:\WINDOWS\SYSTEM32\guard32.dll) -C:\WINDOWS\SYSTEM32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 04:56:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/01 04:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Sun
[2011/10/31 04:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/31 03:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Malwarebytes
[2011/10/31 03:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/31 03:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/31 03:10:09 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/31 03:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/31 02:50:42 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/28 12:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/28 12:17:01 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/28 12:17:00 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/28 12:16:56 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/28 12:16:55 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/28 12:16:54 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/28 12:16:53 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/28 12:16:53 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/28 12:16:52 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/28 12:16:11 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/28 12:16:09 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/28 12:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/28 12:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/28 11:53:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/28 11:05:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/28 10:59:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/28 10:59:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/28 10:59:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/28 10:59:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/28 10:56:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/26 21:44:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/26 12:30:13 | 004,276,337 | R--- | C] (Swearware) -- C:\Documents and Settings\Jason\Desktop\ComboFix.exe
[2011/10/26 01:06:48 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jason\Desktop\tdsskiller.exe
[2011/10/25 23:34:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/25 14:29:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/10/18 18:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\MyBuisness
[2011/10/15 20:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\join.me
[2011/10/14 17:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2011/10/14 17:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/10/14 17:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/10/14 16:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/10/14 16:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011/10/14 00:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\My PSP Files
[2011/10/09 13:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Opa the Openminded Songs
[2011/10/08 21:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Computer's Random Files
[2011/10/08 17:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Free Abandonware GAMES
[2011/10/07 18:48:04 | 000,097,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 18:48:02 | 000,492,768 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 18:48:02 | 000,031,704 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 18:48:00 | 000,018,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 18:47:12 | 000,300,200 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/10/07 18:47:12 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/04 04:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\DOSBox
[2011/10/04 04:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DOSBox-0.74
[2011/10/04 04:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74

========== Files - Modified Within 30 Days ==========

[2011/11/01 05:30:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7EDD6984-8BD9-4A09-96D9-A5B025419E15}.job
[2011/11/01 05:00:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/11/01 04:58:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/11/01 04:58:34 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/01 04:53:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/10/31 09:42:37 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\SecurityCheck.exe
[2011/10/31 03:10:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/31 02:50:53 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/28 15:48:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 12:17:02 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/28 12:16:54 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/28 11:05:10 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/10/28 10:58:42 | 004,276,337 | R--- | M] (Swearware) -- C:\Documents and Settings\Jason\Desktop\ComboFix.exe
[2011/10/26 16:10:29 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/26 01:06:56 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jason\Desktop\tdsskiller.exe
[2011/10/25 14:30:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/10/23 21:16:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/22 23:59:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\gmer.exe
[2011/10/15 20:32:22 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\join.me.lnk
[2011/10/14 17:02:40 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/14 17:00:20 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/10/14 17:00:20 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2011/10/14 15:38:35 | 000,319,232 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/10/13 11:31:23 | 000,205,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:44:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/13 03:42:53 | 000,443,202 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/10/13 03:42:53 | 000,072,276 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/07 18:48:04 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 18:48:02 | 000,492,768 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 18:48:02 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 18:48:00 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 18:47:12 | 000,300,200 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/10/07 18:47:12 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/04 04:38:36 | 001,146,943 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\STEEL.EXE
[2011/10/04 04:01:55 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk

========== Files Created - No Company Name ==========

[2011/10/31 09:42:27 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\SecurityCheck.exe
[2011/10/31 03:10:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/28 12:50:44 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/28 12:17:02 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/28 11:05:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/28 11:05:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/28 10:59:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/28 10:59:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/28 10:59:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/28 10:59:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/28 10:59:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/15 20:32:22 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\join.me.lnk
[2011/10/15 20:32:19 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Jason\Start Menu\Programs\join.me.lnk
[2011/10/14 17:02:40 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/14 17:00:20 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/10/14 17:00:20 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2011/10/04 04:41:06 | 001,146,943 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\STEEL.EXE
[2011/10/04 04:01:55 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2011/09/11 21:42:37 | 000,168,282 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2011/09/11 21:42:36 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2011/04/11 22:01:18 | 000,365,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/09/10 01:00:05 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/14 01:52:51 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/10/03 23:32:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2007/06/03 23:06:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/06/01 12:10:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2007/05/29 20:08:24 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/29 20:08:24 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/29 20:08:24 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/23 22:20:01 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/19 16:45:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Vicki.ini
[2007/02/20 04:25:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/17 21:06:01 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/02/17 21:05:27 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/11/01 01:31:50 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/11/01 01:31:50 | 000,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/11/01 01:31:50 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/07/31 03:00:11 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/07/31 02:42:50 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd2413.sys
[2006/01/15 15:05:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/09/27 19:40:22 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/04/21 12:37:29 | 000,000,297 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/18 12:57:06 | 000,000,135 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/04/09 18:30:46 | 000,000,474 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/06 19:00:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/04/05 03:37:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\PFP120JPR.{PB
[2005/04/05 03:37:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\PFP120JCM.{PB
[2005/03/31 00:39:08 | 000,147,968 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/27 03:11:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/03/26 19:01:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/03/26 18:54:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SpecCheck.INI
[2005/03/22 13:52:31 | 000,000,503 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/03/20 02:37:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2005/03/19 00:49:31 | 000,000,065 | ---- | C] () -- C:\WINDOWS\SOLANTIC.INI
[2005/03/17 21:09:04 | 000,000,649 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/03/11 09:43:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/11 09:41:43 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 09:37:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/11 09:20:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/03/11 09:18:54 | 000,443,202 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/03/11 09:18:54 | 000,072,276 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/03/11 09:00:44 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 12:08:08 | 000,205,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 09:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 09:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 15:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/02/10 12:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 12:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/06 15:42:54 | 000,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/06/17 20:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/10/28 12:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/05/06 22:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/01/27 18:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/05/06 22:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/01/28 13:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/17 21:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/05/04 13:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/05/04 18:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/03/19 16:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/05/14 16:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/07 05:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/28 20:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/09/28 20:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/06/03 22:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/08/03 01:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Aim
[2011/09/28 03:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\AppClient
[2006/07/31 01:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\BitTorrent
[2009/05/01 11:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\FOG Downloader
[2007/10/03 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\GetRightToGo
[2005/03/25 17:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Leadertech
[2007/03/30 16:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\LinkManager 4.0
[2005/05/09 03:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Musicmatch
[2007/04/10 18:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\OneTouch 4.0
[2009/01/31 13:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\PlayFirst
[2007/04/10 17:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\ScanSoft
[2007/02/07 05:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Viewpoint
[2005/04/06 15:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\WeatherBug
[2010/09/28 20:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Western Digital
[2011/11/01 05:30:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7EDD6984-8BD9-4A09-96D9-A5B025419E15}.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-13 10:50:36

< >

< >

< >

< >

< End of report >
  • 0

#34
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

You will want to remove this program:

Adobe Flash Player 10 Plugin & Adobe Reader 9.4.6

Then visit this link to get the latest Adobe Flash Player version.

http://get.adobe.com/flashplayer/

You'll update Adobe Reader to the latest version later.

As for the current status of my computer, it was still running fairly slowly prior to the updates and running the OTL, but I will have to experiment with it later today to see how it is doing now. Thank you for your continuous help with this, I have actually been inspired to apply for GeekU myself when this is all said and done.

We can always use more helpers in the fight against malware.

After you update those two programs run this scan:

Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • 0

#35
Opa the Openminded

Opa the Openminded

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thank you much for the Adobe info :)

OTL.txt scan results:


OTL logfile created on: 11/1/2011 6:12:39 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 292.48 Mb Available Physical Memory | 57.35% Memory free
1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.38% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 11.84 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

Computer Name: VICKID9YYCZ61 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 14:30:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
PRC - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/10/07 18:46:50 | 002,497,864 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/25 20:43:20 | 000,986,936 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
PRC - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/26 12:39:04 | 000,118,784 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 12:52:26 | 001,604,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110103\algo.dll
MOD - [2011/11/01 07:14:37 | 000,239,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110103\aswRep.dll
MOD - [2011/10/31 16:38:46 | 001,604,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110100\algo.dll
MOD - [2011/10/29 09:21:15 | 000,239,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110100\aswRep.dll
MOD - [2011/05/25 20:43:26 | 001,764,664 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\Socket\Export.dll
MOD - [2011/05/25 20:43:24 | 004,284,728 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\Socket\Adaptor.dll
MOD - [2011/05/25 20:43:24 | 002,086,200 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\GuiListener\export.dll
MOD - [2011/05/25 20:43:24 | 000,339,768 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\RemoteDesktop\Export.dll
MOD - [2011/05/25 20:43:24 | 000,328,504 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\EventMonitor\export.dll
MOD - [2011/05/25 20:43:24 | 000,126,776 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\EventMonitor\EventMonitor.dll
MOD - [2011/05/25 20:43:24 | 000,049,976 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\RemoteDesktop\ShHook.dll
MOD - [2011/05/25 20:43:22 | 001,131,320 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS_RES.dll
MOD - [2011/05/25 20:43:22 | 000,464,184 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\CRF\export.dll
MOD - [2011/05/25 20:43:20 | 000,019,768 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLANG.dll
MOD - [2004/04/11 18:57:44 | 000,040,960 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DirWatcher.dll
MOD - [2003/07/29 06:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBCPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2010/04/14 07:16:16 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/01/26 12:39:04 | 000,118,784 | ---- | M] (Visioneer Inc) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 18:48:04 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 18:48:02 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 18:48:02 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdhlp.sys -- (cmdHlp)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/31 03:00:11 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/07/31 02:42:50 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/06/15 21:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0847}:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {3797B287-C572-4102-8A9C-132E61BEB95D}:1.0
FF - prefs.js..extensions.enabledItems: {83109441-5AC6-4BFE-8DEA-ED07639468C0}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ksolo.com/AVX: C:\Program Files\kSolo\npAVX.dll (kSolo, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Vicki\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3797B287-C572-4102-8A9C-132E61BEB95D}: C:\Documents and Settings\Jason\Local Settings\Application Data\{3797B287-C572-4102-8A9C-132E61BEB95D}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{83109441-5AC6-4BFE-8DEA-ED07639468C0}: C:\Documents and Settings\Vicki\Local Settings\Application Data\{83109441-5AC6-4BFE-8DEA-ED07639468C0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/05/14 16:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/11 21:51:49 | 000,000,000 | ---D | M]

[2008/12/17 22:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions
[2010/03/07 01:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\hq0x1lal.default\extensions
[2010/03/07 01:50:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\hq0x1lal.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/23 23:29:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\hq0x1lal.default\extensions\[email protected]
[2011/10/25 23:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/28 18:28:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\APPLICATION DATA\{3797B287-C572-4102-8A9C-132E61BEB95D}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VICKI\LOCAL SETTINGS\APPLICATION DATA\{83109441-5AC6-4BFE-8DEA-ED07639468C0}
[2010/05/14 16:21:12 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAM FILES\IWIN GAMES\FIREFOX
[2010/06/17 21:03:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/01 04:53:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://134.139.136.21/VatDec.cab (VatCtrl Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1273054495634 (WUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://targetphoto.k..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://targetphoto.k..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://www.taxsimpl...tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96486288-8BF8-4BB6-8A38-779EB18FC612}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96486288-8BF8-4BB6-8A38-779EB18FC612}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: (c:\WINDOWS\SYSTEM32\guard32.dll) -C:\WINDOWS\SYSTEM32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 13:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Temp
[2011/11/01 13:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/11/01 04:56:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/01 04:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Sun
[2011/11/01 04:16:49 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/11/01 04:16:48 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/11/01 04:16:47 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/11/01 04:16:47 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/11/01 03:53:50 | 020,197,256 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Jason\Desktop\jre-7u1-windows-i586.exe
[2011/10/31 04:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/31 03:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Malwarebytes
[2011/10/31 03:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/31 03:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/31 03:10:09 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/31 03:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/31 02:50:42 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/28 12:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/28 12:17:01 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/28 12:17:00 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/28 12:16:56 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/28 12:16:55 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/28 12:16:54 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/28 12:16:53 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/28 12:16:53 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/28 12:16:52 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/28 12:16:11 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/28 12:16:09 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/28 12:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/28 12:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/28 11:53:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/28 11:05:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/28 10:59:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/28 10:59:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/28 10:59:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/28 10:59:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/28 10:56:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/26 21:44:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/26 12:30:13 | 004,276,337 | R--- | C] (Swearware) -- C:\Documents and Settings\Jason\Desktop\ComboFix.exe
[2011/10/26 01:06:48 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jason\Desktop\tdsskiller.exe
[2011/10/25 23:34:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/25 14:29:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/10/18 18:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\MyBuisness
[2011/10/15 20:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\join.me
[2011/10/14 17:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2011/10/14 17:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/10/14 17:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/10/14 16:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/10/14 16:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011/10/14 00:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\My PSP Files
[2011/10/09 13:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Opa the Openminded Songs
[2011/10/08 21:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Computer's Random Files
[2011/10/08 17:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Free Abandonware GAMES
[2011/10/07 18:48:04 | 000,097,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 18:48:02 | 000,492,768 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 18:48:02 | 000,031,704 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 18:48:00 | 000,018,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 18:47:12 | 000,300,200 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/10/07 18:47:12 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/04 04:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\DOSBox
[2011/10/04 04:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DOSBox-0.74
[2011/10/04 04:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74

========== Files - Modified Within 30 Days ==========

[2011/11/01 18:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7EDD6984-8BD9-4A09-96D9-A5B025419E15}.job
[2011/11/01 17:51:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/01 13:56:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/11/01 13:54:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/01 13:53:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/11/01 13:53:30 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/01 13:40:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/01 04:53:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/11/01 04:14:38 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/11/01 04:14:37 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/11/01 04:14:36 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/11/01 04:14:36 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/11/01 04:14:31 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/11/01 03:54:02 | 020,197,256 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Jason\Desktop\jre-7u1-windows-i586.exe
[2011/10/31 09:42:37 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\SecurityCheck.exe
[2011/10/31 03:10:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/31 02:50:53 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/28 15:48:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 12:17:02 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/28 12:16:54 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/28 11:05:10 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/10/28 10:58:42 | 004,276,337 | R--- | M] (Swearware) -- C:\Documents and Settings\Jason\Desktop\ComboFix.exe
[2011/10/26 16:10:29 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/26 01:06:56 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jason\Desktop\tdsskiller.exe
[2011/10/25 14:30:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/10/23 21:16:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/22 23:59:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\gmer.exe
[2011/10/15 20:32:22 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\join.me.lnk
[2011/10/14 17:02:40 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/14 17:00:20 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/10/14 17:00:20 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2011/10/14 15:38:35 | 000,319,232 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/10/13 11:31:23 | 000,205,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:44:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/13 03:42:53 | 000,443,202 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/10/13 03:42:53 | 000,072,276 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/07 18:48:04 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 18:48:02 | 000,492,768 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 18:48:02 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 18:48:00 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 18:47:12 | 000,300,200 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/10/07 18:47:12 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/04 04:38:36 | 001,146,943 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\STEEL.EXE
[2011/10/04 04:01:55 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2011/10/03 01:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2011/11/01 13:41:26 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/01 13:41:25 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 09:42:27 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\SecurityCheck.exe
[2011/10/31 03:10:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/28 12:50:44 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/28 12:17:02 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/28 11:05:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/28 11:05:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/28 10:59:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/28 10:59:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/28 10:59:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/28 10:59:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/28 10:59:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/15 20:32:22 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\join.me.lnk
[2011/10/15 20:32:19 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Jason\Start Menu\Programs\join.me.lnk
[2011/10/14 17:02:40 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/14 17:00:20 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/10/14 17:00:20 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2011/10/04 04:41:06 | 001,146,943 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\STEEL.EXE
[2011/10/04 04:01:55 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2011/09/11 21:42:37 | 000,168,282 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2011/09/11 21:42:36 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2011/04/11 22:01:18 | 000,365,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/09/10 01:00:05 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/14 01:52:51 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/10/03 23:32:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2007/06/03 23:06:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/06/01 12:10:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2007/05/29 20:08:24 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/29 20:08:24 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/29 20:08:24 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/23 22:20:01 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/19 16:45:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Vicki.ini
[2007/02/20 04:25:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/17 21:06:01 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/02/17 21:05:27 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/11/01 01:31:50 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/11/01 01:31:50 | 000,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/11/01 01:31:50 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/07/31 03:00:11 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/07/31 02:42:50 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd2413.sys
[2006/01/15 15:05:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/09/27 19:40:22 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/04/21 12:37:29 | 000,000,297 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/18 12:57:06 | 000,000,135 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/04/09 18:30:46 | 000,000,474 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/06 19:00:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/04/05 03:37:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\PFP120JPR.{PB
[2005/04/05 03:37:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\PFP120JCM.{PB
[2005/03/31 00:39:08 | 000,147,968 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/27 03:11:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/03/26 19:01:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/03/26 18:54:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SpecCheck.INI
[2005/03/22 13:52:31 | 000,000,503 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/03/20 02:37:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2005/03/19 00:49:31 | 000,000,065 | ---- | C] () -- C:\WINDOWS\SOLANTIC.INI
[2005/03/17 21:09:04 | 000,000,649 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/03/11 09:43:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/11 09:41:43 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 09:37:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/11 09:20:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/03/11 09:18:54 | 000,443,202 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/03/11 09:18:54 | 000,072,276 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/03/11 09:00:44 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 12:08:08 | 000,205,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 09:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 09:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 15:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/02/10 12:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 12:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/06 15:42:54 | 000,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

< End of report >

Edited by Opa the Openminded, 01 November 2011 - 08:37 PM.

  • 0

#36
Opa the Openminded

Opa the Openminded

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Extras.txt scan results:


OTL Extras logfile created on: 11/1/2011 6:12:39 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 292.48 Mb Available Physical Memory | 57.35% Memory free
1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.38% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 11.84 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

Computer Name: VICKID9YYCZ61 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Disabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Disabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Disabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Disabled:SIGSPat -- (Havas Interactive)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Disabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{88D577B1-3E9D-4281-BD99-9107669CE4ED}" = PaperPort
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E35285C2-816C-41DF-99D2-FABA97516E3C}" = OneTouch 4.0
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"Bicycle Card Games 1.0" = Bicycle Card Games
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX130IS" = Canon PowerShot SX130 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO GeekBuddy" = COMODO GeekBuddy
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Photo Printer 720" = Dell Photo Printer 720
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"iWinArcade" = iWin Games (remove only)
"Jasc Paint Shop Pro Studio GDI+ Patch" = Jasc Paint Shop Pro Studio GDI+ Patch
"Jasc Paint Shop Pro Studio.01 Patch" = Jasc Paint Shop Pro Studio.01 Patch
"kSolo" = kSolo Recorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Personal Ancestral File Companion 5.1.5" = Personal Ancestral File Companion 5.1.5
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Adapters and Drivers
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Shop for HP Supplies" = Shop for HP Supplies
"Sierra Utilities" = Sierra Utilities
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Ultimate Mahjongg 10" = Ultimate Mahjongg 10
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"80b77bf0c209b804" = Emulator Starter
"JoinMe" = join.me
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2011 11:23:48 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2011 12:19:36 AM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2011 12:19:37 AM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 4:18:18 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/26/2011 2:30:30 AM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/29/2011 3:15:00 AM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/29/2011 3:27:20 AM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/30/2011 11:03:44 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2011 11:03:44 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2011 11:03:44 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/1/2011 4:17:57 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 4:17:57 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 4:17:57 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 4:17:57 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 4:17:57 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 4:17:57 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 4:17:57 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 4:17:58 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 4:17:58 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 4:17:58 PM | Computer Name = VICKID9YYCZ61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
  • 0

#37
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

If you don't use the following programs than I'd suggest removing them:

My Way Search Assistant
iWin Games (remove only)
Viewpoint Media Player


But besides that I'm not seeing any other signs of malware in your logs, so your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#38
Opa the Openminded

Opa the Openminded

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I took your advice and removed the other 2 programs but I was unable to locate My Way Search Assistant for removal. Any suggestions on removing it?

Also, before beginning the clean-up process, I wanted to note that in Windows Task Manager, under the Processes Tab, it still shows that I have 2 different iexplore.exe running, yet there is only one internet page window, and only 1 tab on that window. Is this normal? I feel that it is probably malware. Because one of the iexplore.exe always uses between 10,000 - 19,000 K Mem Usage, while the other one uses between 100,000 - 250,000+ K Mem Usage. Ive suspected that this is what has been slowing my computer down drastically.

Agent ST, I believe you have stuck with me now for over 2 weeks, and I want to give you a great big virtual hug for doing so. Your help has really really really been appreciated, I do hope that you know that :yes: :)
  • 0

#39
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening!

I took your advice and removed the other 2 programs but I was unable to locate My Way Search Assistant for removal. Any suggestions on removing it?


You can try this uninstall tool here and if that doesn't work try this:

Try going to Start > Run > Copy/Paste the following bolded text followed by ENTER:

msiexec.exe /x{78d944d7-a97b-4004-ab0a-b5ad06839940}

Also, before beginning the clean-up process, I wanted to note that in Windows Task Manager, under the Processes Tab, it still shows that I have 2 different iexplore.exe running, yet there is only one internet page window, and only 1 tab on that window. Is this normal? I feel that it is probably malware. Because one of the iexplore.exe always uses between 10,000 - 19,000 K Mem Usage, while the other one uses between 100,000 - 250,000+ K Mem Usage. Ive suspected that this is what has been slowing my computer down drastically.

I've just launched Internet Explorer and launched Task Manager and I saw 2 iexplore.exe processes.

If you were to kill both of those tasks via Task Manager, does Internet Explorer close and do both iexplore.exe processes disappear and stay gone?

Agent ST, I believe you have stuck with me now for over 2 weeks, and I want to give you a great big virtual hug for doing so. Your help has really really really been appreciated, I do hope that you know that

You're more than welcome! I truly enjoy helping users like yourself!!

Edited by SweetTech, 03 November 2011 - 10:43 PM.

  • 0

#40
Opa the Openminded

Opa the Openminded

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Try going to Start > Run > Copy/Paste the following bolded text followed by ENTER:

msiexec.exe /x{78d944d7-a97b-4004-ab0a-b5ad06839940}:


Thank you, that was very effective!



If you were to kill both of those tasks via Task Manager, does Internet Explorer close and do both iexplore.exe processes disappear and stay gone?


No. The smaller iexplorer.exe DOES kill both of the iexplorer.exe's as well as the Internet Explorer web page, however the more resource demanding one DOES NOT kill the web page, and it immediately refreshes back onto the processes list. I kill it over and over and it just pops right back up like it never happened. Zombie, lol :)
  • 0

Advertisements


#41
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
hmm...

That's interesting.

I'd like to try and have you run GMER and see if it will run for you now.


Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
  • 0

#42
Opa the Openminded

Opa the Openminded

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok I will run GMER again, but it does make me nervous so I have a few questions before beginning (my computer still has not recovered from the first 3 times GMER crashed, ever since the crash it often plays sounds slowly, including the brief Microsoft music it plays when the computer is first turned on, as if the computer is struggling as a result of damage).


First question is whether or not I can disconnect my internet before running GMER. The GMER program usually runs for 30mins to an hour before crashing, and I suspect a possibility that my anti-virus is doing pop ups for updating the virus database which may lead to the crash.

Secondly, there is a check box within GMER called ADS, which is below the files checkbox. Do I uncheck ADS?

Also, do I uncheck C:\?

Should I turn off Anti-Virus and my Firewall before running the scan to further reduce the chance of a computer crash?

Finally, if I were to create a new system restore point prior to running the scan, would it reverse any potential harm from a computer crash by going back to that restore point?

Thank you for baring with me :) , I just want to be as thorough as possible so that everything works out for the good. I appreciate you and your knowledge.
  • 0

#43
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening!

First question is whether or not I can disconnect my internet before running GMER. The GMER program usually runs for 30mins to an hour before crashing, and I suspect a possibility that my anti-virus is doing pop ups for updating the virus database which may lead to the crash.

Yes, you can go ahead and disconnect from the internet.

Secondly, there is a check box within GMER called ADS, which is below the files checkbox. Do I uncheck ADS?

Please keep this box checked.

Also, do I uncheck C:\?

Please keep this checkbox checked.

Should I turn off Anti-Virus and my Firewall before running the scan to further reduce the chance of a computer crash?

Yes, you can go ahead and disable your Anti-Virus and Firewall. It's possible that the scan will be able to run better with less interference from your Anti-Virus and Firewall.

Finally, if I were to create a new system restore point prior to running the scan, would it reverse any potential harm from a computer crash by going back to that restore point?

It can't hurt to create a restore point, whether or not it will reverse damage from the crash is hard to say. On some systems GMER doesn't really like to run properly. It's hard to say why.

Thank you for baring with me , I just want to be as thorough as possible so that everything works out for the good. I appreciate you and your knowledge.

No problem!
  • 0

#44
Opa the Openminded

Opa the Openminded

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I was in the process of disabling my firewall prior to beginning the GMER Scan, when the COMODO Firewall alerted me to 2 unrecognized files that I needed to "deal with" before disabling my firewall. I have the option of trusting, blocking, or deleting these files. I already purged them to ensure they still exist on my computer, which they do. Do you recognize them?


c:\program files\eset\eset online scanner\onlinescanner64.ocx
(this one is from the company ESET)


c:\_otl\movedfiles\11012011_045327\c_downloads\riskii-dm[1].exe
(I recognize the OTL program from this file, but am unsure if this was a file it intended to delete when scanning my computer)
  • 0

#45
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Yes, I recognize both of them.

This one: c:\program files\eset\eset online scanner\onlinescanner64.ocx is related to the ESET Online Scanner I had you run earlier.

This one: c:\_otl\movedfiles\11012011_045327\c_downloads\riskii-dm[1].exe is currently in quarantine, and will be removed later when we clean-up our tools.

I wouldn't worry about those two for right now.

Edited by SweetTech, 07 November 2011 - 05:24 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP