Programs not responding, laptop has slowed up [Closed]


  • This topic is locked

#1
featman

  • Member
  • 65 posts
Good day,
I am a former user [several years ago] of Geeks to Go. I appreciate that you guys/gals are still here.
I see the procedure has changed somewhat. I remember having to run a good deal of spyware/malware removal tools before submitting a "Hijack this" text. Hence, I'm sorry I can't better describe my infection or specific problem.

Here are some symptoms:

1. Performance has slowed up
2. I get freezes and "program not responding" errors.
3. When my home page loads I see many adware type messages go by before page loads, but they are too fast for me to get the whole name of.
4. It seems there are way too many processes open when I look in task manager

Actions I've taken as an amateur:

I've run complete Kaspersky scans, which don't seem to find anything.
I use CCleaner to clean up files and registry often.
I've tried to create space by backing large movie type files to an external drive.
I switched from Explorer to Firefox which is supposed to make things run smoother. No help.

I will now paste my text. I'd greatly appreciate any fixes you can provide for me. Thanks and have a good day...

OTL logfile created on: 3/31/2012 5:03:08 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 451.59 Mb Available Physical Memory | 44.54% Memory free
2.38 Gb Paging File | 1.74 Gb Available in Paging File | 73.36% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 39.46 Gb Free Space | 39.82% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.39 Gb Free Space | 11.88% Space Free | Partition Type: FAT32

Computer Name: PC785018295244 | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/31 16:22:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL.exe
PRC - [2012/03/21 21:10:55 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/07/29 00:18:50 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Richard\Application Data\HP SimpleSave Application\StartHelper.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\Richard\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/08/21 15:44:20 | 002,170,904 | ---- | M] (MEDIALINK) -- C:\Program Files\Medialink\MWN-USB150N\UI.exe
PRC - [2008/10/26 22:40:51 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/21 21:10:54 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/15 17:49:34 | 008,527,520 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/24 04:25:59 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/24 04:25:21 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/24 04:21:38 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/24 04:15:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/24 04:07:40 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/24 04:04:59 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/14 03:25:09 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2011/10/14 03:18:49 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Richard\Application Data\HP SimpleSave Application\StartHelper.exe
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/07/01 21:34:54 | 002,086,584 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avzkrnl.dll
MOD - [2009/04/06 15:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\dllMultiLanguage.dll
MOD - [2009/04/06 15:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\dllPublicFunc.dll
MOD - [2009/01/05 20:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\dllCommonCtrl.dll
MOD - [2008/10/26 22:40:51 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/06 10:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/07/29 00:18:50 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Richard\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2008/10/26 22:40:51 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/04/17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\notcable.sys -- (notecable) NoteCable Driver (WDM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/07/29 00:18:48 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/11/23 18:41:27 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007/06/08 00:05:42 | 000,230,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmdcap.sys -- (U6000ALL) HDTV110 TV Box(ALL)
DRV - [2007/02/06 16:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/31 08:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/02 11:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 13:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/04/20 12:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 12:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 12:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/12/22 13:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 16:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 14:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/09/22 18:41:00 | 000,020,608 | ---- | M] (Empia Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emaudio.sys -- (emAudio)
DRV - [2004/09/22 10:42:12 | 000,079,563 | R--- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/09/21 15:52:54 | 000,110,653 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/09/21 15:52:44 | 000,004,857 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/?_bc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {48B89D11-9BFC-4F19-932C-3913CB059DF0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{48B89D11-9BFC-4F19-932C-3913CB059DF0}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{B1B26277-3AD2-4E2E-9586-EEB72AF97846}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.nycboe.org/proxy.pac

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.excite.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.nycboe.....org/proxy.pac"
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/10/15 13:18:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/12 02:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/21 21:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/12/08 14:01:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2012/03/18 13:16:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2011/07/28 23:27:13 | 000,000,000 | ---D | M]

[2011/01/08 13:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions
[2011/11/07 21:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\f58cesr8.default\extensions
[2011/03/12 13:59:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\f58cesr8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/18 09:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/28 23:28:10 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F58CESR8.DEFAULT\EXTENSIONS\[email protected]
[2012/03/21 21:10:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/03/16 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Medialink Utilty] C:\Program Files\Medialink\MWN-USB150N\UI.exe (MEDIALINK)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F2E6A3D-7616-4A97-9D0C-012DD79FB695}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5c8ec4c0-4cca-11e0-bf19-0018dea39b54}\Shell - "" = AutoRun
O33 - MountPoints2\{5c8ec4c0-4cca-11e0-bf19-0018dea39b54}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c8ec4c0-4cca-11e0-bf19-0018dea39b54}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 16:22:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL.exe
[2012/03/31 16:15:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2012/03/31 13:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\Adele
[2012/03/28 20:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\Sal BD Pics
[2012/03/21 21:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\Garmin icons
[2012/03/21 21:02:30 | 000,709,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2012/03/21 21:02:30 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2012/03/21 21:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Medialink
[2012/03/21 21:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Medialink
[2012/03/18 13:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\Turks off Iphone
[2012/03/15 15:49:21 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/03/07 18:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\My Documents\Amazon MP3
[2012/03/04 02:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\NYC Maps cool
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Richard\Desktop\CAQ3GX69.
[2012/03/31 16:41:01 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/03/31 16:22:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL.exe
[2012/03/31 12:58:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/26 13:38:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/21 21:05:51 | 000,486,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/21 21:05:51 | 000,088,574 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/21 21:01:44 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MWN-USB150N.lnk
[2012/03/17 10:20:28 | 000,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 09:49:13 | 052,653,219 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\IMG_1484.MOV
[2012/03/15 09:47:54 | 017,335,194 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\IMG_1483.MOV
[2012/03/15 09:47:25 | 021,377,198 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\IMG_1482.MOV
[2012/03/15 09:46:54 | 035,181,135 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\IMG_1481.MOV
[2012/03/07 19:22:21 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/07 19:10:33 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/07 14:16:25 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2012/03/04 18:00:11 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\Microsoft Office Word 2003.lnk
[2012/03/04 02:32:20 | 000,001,460 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2012/03/03 18:41:27 | 000,001,393 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\CopyTrans Control Center.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\Richard\Desktop\CAQ3GX69.
[2012/03/21 21:01:47 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/03/21 21:01:47 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\drivers\RaCoInst.dat
[2012/03/21 21:01:44 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MWN-USB150N.lnk
[2012/03/15 09:49:13 | 052,653,219 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\IMG_1484.MOV
[2012/03/15 09:47:54 | 017,335,194 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\IMG_1483.MOV
[2012/03/15 09:47:25 | 021,377,198 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\IMG_1482.MOV
[2012/03/15 09:46:54 | 035,181,135 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\IMG_1481.MOV
[2012/02/17 04:20:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/08 16:17:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 23:28:02 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/28 23:28:02 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/05/17 16:28:54 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\0000025C_VTS_1.IFO
[2011/05/17 16:28:54 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\0000025C_VTS_0.IFO
[2011/04/01 11:02:58 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
[2011/03/20 12:24:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2011/03/20 12:23:35 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ThumbExtract.dll
[2011/03/20 12:23:34 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\GTTunerCard.dll
[2011/03/20 12:23:34 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/03/20 12:20:03 | 000,230,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmdcap.sys
[2011/02/21 16:30:56 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\00000CB4_VTS_1.IFO
[2011/02/21 16:30:56 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\00000CB4_VTS_0.IFO
[2011/01/08 13:55:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2012/03/02 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2009/12/09 13:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
[2006/09/12 03:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/12/30 13:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/07/08 19:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/10/20 17:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/06/18 18:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/12/30 13:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/05/28 15:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/12 17:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007/11/13 03:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/08/13 16:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/06/23 06:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/04 17:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/11/13 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\$CUERoot$
[2007/11/19 23:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Acoustica
[2008/01/17 21:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\alot
[2009/12/18 00:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Amazon
[2012/01/26 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CopyToDvd
[2009/12/11 21:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CopyTransPhoto
[2012/02/23 23:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Garmin
[2009/12/09 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\GetRightToGo
[2007/11/13 19:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\InterTrust
[2007/11/13 20:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech
[2008/10/20 22:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\muvee Technologies
[2008/10/26 22:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Netscape
[2008/12/30 12:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Nikon
[2007/12/08 22:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\NoteCable
[2008/10/26 22:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Photodex
[2008/12/30 13:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Skinux
[2011/02/25 01:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Ulead Systems
[2012/01/26 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Vso
[2010/08/13 16:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\WindSolutions
[2012/03/31 16:41:01 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



< End of report >


#2
featman

    Member

  • Topic Starter
  • 65 posts
Sorry, there was an Extras text in Notepad I didn't see...

OTL Extras logfile created on: 3/31/2012 4:23:15 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 470.31 Mb Available Physical Memory | 46.38% Memory free
2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.64% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 39.46 Gb Free Space | 39.82% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.39 Gb Free Space | 11.88% Space Free | Partition Type: FAT32

Computer Name: PC785018295244 | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Documents and Settings\Richard\Local Settings\Temp\WZSE6.TMP\SymNRT.exe" = C:\Documents and Settings\Richard\Local Settings\Temp\WZSE6.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Disabled:Kaspersky Internet Security 7.0 Setup -- (Kaspersky Lab)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.04
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7419582C-1E2E-4848-88F6-9FF638D9EA87}" = LightScribe Diagnostic Utility
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8543A572-5993-4101-BACC-C83884E183A4}" = One Touch Video Capture
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8CDC6712-AF80-459E-911F-F1E156CB0AB0}" = hp deskjet 5600
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AD7F7C-7EB5-4E54-99C8-6C490EF5C537}_is1" = Concert Vault Download Manager
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 4.004
"{D56401D6-E356-4CA5-97A3-024D666F5E5C}" = ArcSoft PhotoImpression 6
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = VC500 Driver
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.9.3.2
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AudioLabel" = AudioLabel
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"Diamond One Touch Video Capture Software" = Diamond One Touch Video Capture Software
"Diamond VC500 WinXPVista7 Installation" = Diamond VC500 WinXPVista7 Installation
"DVD43_is1" = DVD43 v4.6.0
"ESPNMotion" = ESPNMotion
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"iSofter DVD Ripper Platinum_is1" = iSofter DVD Ripper Platinum 3.0.2007.228
"jZip" = jZip
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Tools 2.0" = Windows Media Tools 4.0
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Netscape Browser" = Netscape Browser (remove only)
"OVT Scanner" = Uninstall OVT Scanner
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Connections Drivers
"ProShow Gold" = ProShow Gold
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Beatles Kaleidoscope" = The Beatles Kaleidoscope
"The Beatles Letter Rain" = The Beatles Letter Rain
"ViewpointMediaPlayer" = Viewpoint Media Player
"Weather Services" = Weather Services
"WGA" = Windows Genuine Advantage Validation Tool
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2012 6:17:20 PM | Computer Name = PC785018295244 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/30/2012 6:17:22 PM | Computer Name = PC785018295244 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31944985

Error - 3/30/2012 6:17:22 PM | Computer Name = PC785018295244 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/30/2012 6:17:22 PM | Computer Name = PC785018295244 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31944985

Error - 3/30/2012 6:17:22 PM | Computer Name = PC785018295244 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/30/2012 6:17:22 PM | Computer Name = PC785018295244 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/30/2012 6:17:23 PM | Computer Name = PC785018295244 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/30/2012 6:17:23 PM | Computer Name = PC785018295244 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/30/2012 6:17:23 PM | Computer Name = PC785018295244 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/30/2012 6:17:25 PM | Computer Name = PC785018295244 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 2/29/2012 3:08:30 PM | Computer Name = PC785018295244 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/2/2012 6:48:57 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 3/2/2012 6:48:57 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/3/2012 4:22:57 PM | Computer Name = PC785018295244 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/3/2012 4:36:00 PM | Computer Name = PC785018295244 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/3/2012 5:07:47 PM | Computer Name = PC785018295244 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/6/2012 11:53:44 PM | Computer Name = PC785018295244 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.24 on
the Network Card with network address 0018DEA39B54.

Error - 3/6/2012 11:56:53 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 3/6/2012 11:56:53 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/16/2012 10:42:58 PM | Computer Name = PC785018295244 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.24 on
the Network Card with network address 0018DEA39B54.


< End of report >
  • 0

#3
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat; after that, zip it and then attach it here.

How to add an attachment to a new topic or reply
  • 0

#4
featman

    Member

  • Topic Starter
  • Member
  • 65 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 13:30:03
-----------------------------
13:30:03.062 OS Version: Windows 5.1.2600 Service Pack 3
13:30:03.062 Number of processors: 2 586 0xF06
13:30:03.062 ComputerName: PC785018295244 UserName: Richard
13:30:05.000 Initialize success
13:35:14.156 AVAST engine defs: 12040700
13:44:10.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:44:10.250 Disk 0 Vendor: ST912082 3.05 Size: 114473MB BusType: 3
13:44:10.296 Disk 0 MBR read successfully
13:44:10.312 Disk 0 MBR scan
13:44:10.546 Disk 0 unknown MBR code
13:44:10.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 101465 MB offset 63
13:44:10.625 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 11970 MB offset 207816840
13:44:10.671 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 232332030
13:44:10.703 Disk 0 scanning sectors +234436545
13:44:10.859 Disk 0 scanning C:\WINDOWS\system32\drivers
13:44:43.734 Service scanning
13:45:01.390 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
13:45:01.671 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
13:45:01.890 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
13:45:02.015 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
13:45:19.562 Modules scanning
13:45:36.281 Disk 0 trace - called modules:
13:45:36.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
13:45:36.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f58ab8]
13:45:36.359 3 CLASSPNP.SYS[f7690fd7] -> nt!IofCallDriver -> \Device\00000085[0x86f62948]
13:45:36.375 5 ACPI.sys[f7507620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86a1f030]
13:45:40.281 AVAST engine scan C:\WINDOWS
13:45:56.984 AVAST engine scan C:\WINDOWS\system32
13:51:59.468 AVAST engine scan C:\WINDOWS\system32\drivers
13:52:45.421 AVAST engine scan C:\Documents and Settings\Richard
14:24:44.640 AVAST engine scan C:\Documents and Settings\All Users
14:45:53.937 Scan finished successfully
15:34:50.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Richard\Desktop\MBR.dat"
15:34:50.156 The log file has been saved successfully to "C:\Documents and Settings\Richard\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   597bytes   104 downloads

  • 0
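A reviewer reading the aswMBR log above pulls out a handful of lines: the MBR code verdict, the partition table, driver files reported as LOCKED, the modules in the disk I/O trace, and whether the scan finished. The sketch below is an added example, not part of the thread or of aswMBR; `triage`, `EXPECTED_MODULES` and the reading of the partition columns as boot flag then type byte are assumptions, and the sample is a subset of the posted lines.

```python
import re

# Constructed sample: a subset of the aswMBR log lines posted above.
SAMPLE_LOG = r"""
13:44:10.296 Disk 0 MBR read successfully
13:44:10.312 Disk 0 MBR scan
13:44:10.546 Disk 0 unknown MBR code
13:44:10.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 101465 MB offset 63
13:44:10.625 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 11970 MB offset 207816840
13:44:10.671 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 232332030
13:45:01.390 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
13:45:01.671 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
13:45:01.890 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
13:45:02.015 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
13:45:36.281 Disk 0 trace - called modules:
13:45:36.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
13:45:36.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f58ab8]
14:45:53.937 Scan finished successfully
"""

# Assumed baseline for this machine's disk I/O path (analyst-supplied, not from the tool).
EXPECTED_MODULES = {"ntkrnlpa.exe", "classpnp.sys", "disk.sys",
                    "acpi.sys", "hal.dll", "iastor.sys"}

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*\S)\s*$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
PARTITION = re.compile(r"^Disk (\d+) Partition (\d+) (.+?) (\d+) MB offset (\d+)$")
LOCKED = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\* (\d+)$")
TRACE_HDR = re.compile(r"^Disk \d+ trace - called modules:$")


def triage(log_text, expected_modules=EXPECTED_MODULES):
    """Parse an aswMBR log and return the items a reviewer follows up on."""
    rep = {"mbr_code": {}, "partitions": [], "locked": [],
           "trace_modules": [], "finished": False}
    next_is_modules = False
    for raw in log_text.splitlines():
        m = TS.match(raw)
        if not m:
            continue  # banner, blank or cut-off line
        body = m.group(1)
        if next_is_modules:  # the module list is the line after the trace header
            rep["trace_modules"] = body.split()
            next_is_modules = False
        elif (p := PARTITION.match(body)):
            fields = [t for t in p.group(3).split() if t != "(A)"]
            rep["partitions"].append({
                "disk": int(p.group(1)), "number": int(p.group(2)),
                "active": fields[0] == "80",  # assumed: first byte is the boot flag
                "type": fields[1] if len(fields) > 1 else None,  # assumed: type ID
                "size_mb": int(p.group(4)), "offset": int(p.group(5))})
        elif (c := MBR_CODE.match(body)):
            rep["mbr_code"][int(c.group(1))] = c.group(2)
        elif (s := LOCKED.match(body)):
            rep["locked"].append((s.group(1), s.group(2), int(s.group(3))))
        elif TRACE_HDR.match(body):
            next_is_modules = True
        elif body == "Scan finished successfully":
            rep["finished"] = True
    rep["unexpected_modules"] = [x for x in rep["trace_modules"]
                                 if x.lower() not in expected_modules]
    rep["follow_up"] = (
        [f"disk {d}: {v} MBR code" for d, v in rep["mbr_code"].items() if v == "unknown"]
        + [f"{name}: driver file reported LOCKED" for name, _, _ in rep["locked"]]
        + [f"{x}: module outside the expected disk I/O path"
           for x in rep["unexpected_modules"]]
        + ([] if rep["finished"] else ["log has no 'Scan finished successfully' line"]))
    return rep


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG)["follow_up"]:
        print(item)
```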

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0

#6
featman

    Member

  • Topic Starter
  • Member
  • 65 posts
Hello Render,

I followed your instructions exactly....

Here is what happened:

Combo-fix did NOT disable my internet connection, but eventually first installed a Microsoft update then ran through a 100 stage process. At the end of the process all of my desktop icons and tray disappeared. There was just my wallpaper and the combo-fix box which stated not to restart the machine manually. 6 hours later it was still like that so I shut down. When I restarted I got a blue screen and physical dump. I restarted again and the system did a 3 stage disk check. All seems OK as of right now. What went wrong? Should I run Combo-Fix again?
Thanks,
Richard
  • 0

#7
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I don't know what went wrong. Please open Windows Explorer and see if C:\Combo-fix.txt file is there. If it's there open it with Notepad, select all, copy and paste it here.

  • 0

#8
featman

    Member

  • Topic Starter
  • Member
  • 65 posts
There is a "combo-fix" folder in explorer that has a "combofix" notepad file in it [and many other icons and a few other notepad files]. This doesn't seem like all the information that was displayed last night, but here are the contents anyway...Thanks

ComboFix 12-04-07.03 - Richard 04/07/2012 19:35:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.491 [GMT -4:00]
Running from: C:\Documents and Settings\Richard\Desktop\Combo-Fix.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Lisa\Application Data\alot
C:\Documents and Settings\Lisa\Application Data\alot\Button_0\Button_0.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_0\Button_0.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_1\Button_1.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_1\Button_1.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_10\Button_10.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_10\Button_10.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_11\Button_11.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_11\Button_11.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_2\Button_2.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_2\Button_2.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_3\Button_3.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_3\Button_3.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_4\Button_4.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_4\Button_4.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_5\Button_5.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_5\Button_5.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_6\Button_6.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_6\Button_6.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_7\Button_7.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_7\Button_7.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_8\Button_8.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_8\Button_8.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_9\Button_9.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_9\Button_9.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\configurator\configurator.xml
C:\Documents and Settings\Lisa\Application Data\alot\configurator\configurator.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\postInstallLayout\postInstallLayout.xml
C:\Documents and Settings\Lisa\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\products\products.xml
C:\Documents and Settings\Lisa\Application Data\alot\products\products.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\domains.dat
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\alert-icon.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\clear.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\cloudy.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\default_281_alot_weather_widget.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\foggy.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\mcloud.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\na.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\nclear.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\ncloudy.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\nmcloud.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\npcloud.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\nrain.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\pcloud.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\rain.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_3\images\default_246_alot_weather_radar.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_4\images\default_247_alot_weather_detailed.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_5\images\default_248_alot_weather_severe.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_6\images\default_249_alot_mrkt_jacket.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_6\images\default_249_default_243_alot_news_mrkt_nyt.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\domains.dat
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\alot_brand.png
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_caption.bmp
C:\Documents and Settings\Lisa\Application Data\alot\TimerManager\TimerManager.xml
C:\Documents and Settings\Lisa\Application Data\alot\TimerManager\TimerManager.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\toolbar.xml
C:\Documents and Settings\Lisa\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
C:\Documents and Settings\Lisa\Application Data\alot\Updater\Updater.xml
C:\Documents and Settings\Lisa\Application Data\alot\Updater\Updater.xml.backup
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\Config.xml
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\db\Aliases.dbs
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\db\Sites.dbs
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\report\aggr_storage.xml
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\report\send_storage.xml
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\res1\WhiteList.dbs
C:\Documents and Settings\Richard\Application Data\alot
C:\Documents and Settings\Richard\Application Data\inst.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\.#
C:\Program Files\FunWebProducts
C:\WINDOWS\system32\primary.exe
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))


2012-03-31 21:46:09 . 2012-03-31 21:46:09 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Common Files
2012-03-22 01:05:51 . 2012-03-22 01:05:51 4930 ----a-w- C:\WINDOWS\system32\PerfStringBackup.TMP
2012-03-22 01:02:30 . 2009-03-04 21:30:14 709248 ----a-w- C:\WINDOWS\system32\drivers\rt2870.sys
2012-03-22 01:02:30 . 2009-03-04 21:23:42 221184 ----a-w- C:\WINDOWS\system32\RaCoInst.dll
2012-03-22 01:01:51 . 2012-03-22 01:01:51 21419 ----a-w- C:\WINDOWS\system32\drivers\AegisP.sys
2012-03-22 01:01:47 . 2009-03-04 21:23:42 13931 ----a-w- C:\WINDOWS\system32\drivers\RaCoInst.dat
2012-03-22 01:01:39 . 2012-03-22 01:01:39 -------- d-----w- C:\Program Files\Medialink
2012-03-18 18:45:08 . 2012-03-18 18:45:08 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2012-03-15 19:49:21 . 2012-03-15 19:53:48 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  • 0

#9
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please select and copy the entire content of the Combo-fix.txt file.
  • 0

#10
featman

    Member

  • Topic Starter
  • Member
  • 65 posts
Render,
I tried to select-copy-paste all contents of the folder combo-fix. Would not paste. As for the combo-fix.txt file, there isn't one. Only the combofix.txt file [without the dash] that I already sent you. Should I run the program again?
  • 0

#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please open file combofix.txt in Notepad, select all, copy and paste it here. You posted only part of it.
  • 0
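The ComboFix paste in this thread ends on the Find3M Report banner with nothing under it, which is why the helper asks for the rest. The following added example (not ComboFix's or the forum's code; the function names are hypothetical) splits a paste on its banner lines, folds the Other Deletions list down to its top-level items, and treats a final banner with no entries as a cut-off log, which is a heuristic. The sample is the posted log with the long file lists shortened.

```python
import re

# Constructed sample: the ComboFix paste from this thread, file lists shortened.
SAMPLE = r"""ComboFix 12-04-07.03 - Richard 04/07/2012 19:35:46.1.2 - x86
Running from: C:\Documents and Settings\Richard\Desktop\Combo-Fix.exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Lisa\Application Data\alot
C:\Documents and Settings\Lisa\Application Data\alot\Button_0\Button_0.xml
C:\Documents and Settings\Lisa\Application Data\alot\toolbar.xml
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\Config.xml
C:\Documents and Settings\Richard\Application Data\inst.exe
C:\Program Files\FunWebProducts
C:\WINDOWS\system32\primary.exe
D:\Autorun.inf

((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))

2012-03-22 01:02:30 . 2009-03-04 21:30:14 709248 ----a-w- C:\WINDOWS\system32\drivers\rt2870.sys
2012-03-15 19:49:21 . 2012-03-15 19:53:48 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# A section banner is a title wrapped in long runs of parentheses.
BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")


def split_sections(text):
    """Return [(title, [entry lines])]; lines before the first banner go under 'header'."""
    sections = [("header", [])]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # blank lines and lone dots are spacers
            continue
        banner = BANNER.match(line)
        if banner:
            sections.append((banner.group(1), []))
        else:
            sections[-1][1].append(line)
    return sections


def collapse_deletions(paths):
    """Keep only paths that have no listed ancestor (folder plus its files -> folder)."""
    listed = {p.lower() for p in paths}
    roots = []
    for path in paths:
        parts = path.lower().split("\\")
        ancestors = ("\\".join(parts[:i]) for i in range(1, len(parts)))
        if not any(a in listed for a in ancestors):
            roots.append(path)
    return roots


def review_paste(text):
    """Summarise a pasted ComboFix log and flag a paste that stops on an empty section."""
    sections = split_sections(text)
    deletions = next((e for t, e in sections if t == "Other Deletions"), [])
    last_title, last_entries = sections[-1]
    cut_off = len(sections) > 1 and not last_entries
    return {
        "counts": [(title, len(entries)) for title, entries in sections],
        "deletion_roots": collapse_deletions(deletions),
        "truncated_at": last_title if cut_off else None,
    }


if __name__ == "__main__":
    result = review_paste(SAMPLE)
    print(result["counts"])
    print(result["deletion_roots"])
    print("cut off at:", result["truncated_at"])
```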

#12
featman

    Member

  • Topic Starter
  • Member
  • 65 posts
ComboFix 12-04-07.03 - Richard 04/07/2012 19:35:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.491 [GMT -4:00]
Running from: C:\Documents and Settings\Richard\Desktop\Combo-Fix.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Lisa\Application Data\alot
C:\Documents and Settings\Lisa\Application Data\alot\Button_0\Button_0.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_0\Button_0.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_1\Button_1.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_1\Button_1.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_10\Button_10.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_10\Button_10.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_11\Button_11.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_11\Button_11.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_2\Button_2.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_2\Button_2.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_3\Button_3.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_3\Button_3.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_4\Button_4.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_4\Button_4.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_5\Button_5.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_5\Button_5.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_6\Button_6.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_6\Button_6.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_7\Button_7.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_7\Button_7.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_8\Button_8.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_8\Button_8.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Button_9\Button_9.xml
C:\Documents and Settings\Lisa\Application Data\alot\Button_9\Button_9.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\configurator\configurator.xml
C:\Documents and Settings\Lisa\Application Data\alot\configurator\configurator.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\postInstallLayout\postInstallLayout.xml
C:\Documents and Settings\Lisa\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\products\products.xml
C:\Documents and Settings\Lisa\Application Data\alot\products\products.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\domains.dat
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\alert-icon.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\clear.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\cloudy.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\default_281_alot_weather_widget.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\foggy.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\mcloud.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\na.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\nclear.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\ncloudy.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\nmcloud.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\npcloud.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\nrain.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\pcloud.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_2\images\rain.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_3\images\default_246_alot_weather_radar.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_4\images\default_247_alot_weather_detailed.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_5\images\default_248_alot_weather_severe.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_6\images\default_249_alot_mrkt_jacket.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Button_6\images\default_249_default_243_alot_news_mrkt_nyt.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\domains.dat
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\alot_brand.png
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp
C:\Documents and Settings\Lisa\Application Data\alot\Resources\Shared\images\widget_caption.bmp
C:\Documents and Settings\Lisa\Application Data\alot\TimerManager\TimerManager.xml
C:\Documents and Settings\Lisa\Application Data\alot\TimerManager\TimerManager.xml.backup
C:\Documents and Settings\Lisa\Application Data\alot\toolbar.xml
C:\Documents and Settings\Lisa\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
C:\Documents and Settings\Lisa\Application Data\alot\Updater\Updater.xml
C:\Documents and Settings\Lisa\Application Data\alot\Updater\Updater.xml.backup
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\Config.xml
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\db\Aliases.dbs
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\db\Sites.dbs
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\report\aggr_storage.xml
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\report\send_storage.xml
C:\Documents and Settings\Lisa\Application Data\Smart-Shopper\cs\res1\WhiteList.dbs
C:\Documents and Settings\Richard\Application Data\alot
C:\Documents and Settings\Richard\Application Data\inst.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\.#
C:\Program Files\FunWebProducts
C:\WINDOWS\system32\primary.exe
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))


2012-03-31 21:46:09 . 2012-03-31 21:46:09 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Common Files
2012-03-22 01:05:51 . 2012-03-22 01:05:51 4930 ----a-w- C:\WINDOWS\system32\PerfStringBackup.TMP
2012-03-22 01:02:30 . 2009-03-04 21:30:14 709248 ----a-w- C:\WINDOWS\system32\drivers\rt2870.sys
2012-03-22 01:02:30 . 2009-03-04 21:23:42 221184 ----a-w- C:\WINDOWS\system32\RaCoInst.dll
2012-03-22 01:01:51 . 2012-03-22 01:01:51 21419 ----a-w- C:\WINDOWS\system32\drivers\AegisP.sys
2012-03-22 01:01:47 . 2009-03-04 21:23:42 13931 ----a-w- C:\WINDOWS\system32\drivers\RaCoInst.dat
2012-03-22 01:01:39 . 2012-03-22 01:01:39 -------- d-----w- C:\Program Files\Medialink
2012-03-18 18:45:08 . 2012-03-18 18:45:08 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2012-03-15 19:49:21 . 2012-03-15 19:53:48 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  • 0

#13
featman

    Member

  • Topic Starter
  • Member
  • 65 posts
I see that was the same thing I sent already. That was it. Selected all, copied and pasted it. Sorry, this is frustrating to me as well. Appreciate your help and patience. Happy Easter
  • 0

#14
featman

    Member

  • Topic Starter
  • Member
  • 65 posts
Dear Render,

Should I run the combo-fix again?
  • 0

#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Please delete your copy of Combofix.exe, download a new one and then run it as before. Post the log.
  • 0





