Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Repeated Bad Image Errors and Unable to Run MalWare Removal

Started by LadyDraco , Apr 26 2012 06:12 PM

  • Please log in to reply

#1
LadyDraco
Posted 26 April 2012 - 06:12 PM

LadyDraco

    New Member

  • Member
  • Pip
  • 1 posts
When I open my YIM and KMPlayer, and try to install or run a new antivirus/antimalware program, I get an error message that says "C:\Windows\system32\pnrpnsp.dll is either not desgned to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support" (that was the exact message when I went to pcpitstop to use their malware removal tool). It changes the .dll association with the opened program, but the basic message is the same. It also will not let me run the program (YIM or Exterminator from pcpitstop). I ran the OTL scan and the results are below. What is my next move?


OTL logfile created on: 4/26/2012 7:17:01 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\lscorst\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 49.56% Memory free
6.09 Gb Paging File | 4.35 Gb Available in Paging File | 71.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 51.71 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: LARISSA | User Name: lscorst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 19:16:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\lscorst\Downloads\OTL.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/08 11:27:14 | 005,158,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/07/29 15:26:48 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/07/29 15:26:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/07/29 15:25:00 | 000,952,832 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/07/29 15:24:28 | 000,483,840 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/20 22:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 03:37:34 | 000,444,400 | ---- | M] () -- C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 03:37:33 | 003,915,248 | ---- | M] () -- C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 03:36:18 | 000,544,240 | ---- | M] () -- C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\libglesv2.dll
MOD - [2012/04/12 03:36:17 | 000,117,744 | ---- | M] () -- C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\libegl.dll
MOD - [2012/04/12 03:36:08 | 000,122,880 | ---- | M] () -- C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 03:36:06 | 000,220,672 | ---- | M] () -- C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 03:36:05 | 001,747,456 | ---- | M] () -- C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 02:51:55 | 008,743,584 | ---- | M] () -- C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2008/09/23 21:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/13 21:42:49 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/08 11:27:14 | 005,158,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/07/29 15:26:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/07/29 15:25:00 | 000,952,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/07/29 15:24:28 | 000,483,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/19 15:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/11 00:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/29 10:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A28AFCB-D7B6-4628-8EA2-D66964A22F01}
IE - HKLM\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{374C5DDA-B66F-42E0-B69C-D8E55AAC3748}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{83D72712-607F-4A3B-8B79-6931E9BA4ABD}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@meadco.com/neptune plugin,version=2.0.0.29: C:\PROGRA~1\MEADCO~1\npmeadax.dll (MeadCo Corp.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\lscorst\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lscorst\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lscorst\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/04/12 22:43:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/04/26 16:49:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/26 16:49:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\lscorst\AppData\Roaming\IDM\idmmzcc3

[2011/06/28 01:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lscorst\AppData\Roaming\Mozilla\Extensions
[2010/01/08 20:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lscorst\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/28 01:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lscorst\AppData\Roaming\Mozilla\Firefox\Profiles\t83xm07k.default\extensions
[2011/06/28 01:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lscorst\AppData\Roaming\Mozilla\Firefox\Profiles\t83xm07k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/28 01:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lscorst\AppData\Roaming\Mozilla\Firefox\Profiles\t83xm07k.default\extensions\staged-xpis
[2011/06/28 01:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 23:20:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/14 08:31:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/12 12:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/06 13:22:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/15 01:40:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/04/07 20:12:43 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lscorst\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\lscorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: MeadCo's Neptune (Enabled) = C:\PROGRA~1\MEADCO~1\npmeadax.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\lscorst\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\lscorst\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\lscorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\lscorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\lscorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: AVG Safe Search = C:\Users\lscorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\lscorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\lscorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\
CHR - Extension: Gmail = C:\Users\lscorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\lscorst\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17E09830-0314-49B7-878F-408513C6AE48}: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\lscorst\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\lscorst\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85298747-c211-11df-90e2-001f165eec0c}\Shell - "" = AutoRun
O33 - MountPoints2\{85298747-c211-11df-90e2-001f165eec0c}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 18:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2012/04/26 18:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop
[2012/04/26 18:31:50 | 000,000,000 | ---D | C] -- C:\Users\lscorst\AppData\Roaming\QuickScan
[2012/04/26 16:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/04/13 21:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/04/13 21:42:49 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/13 17:50:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/13 17:50:44 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/13 17:50:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/13 17:50:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/13 17:50:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/13 17:50:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/13 17:45:20 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/13 17:45:20 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/08 11:41:22 | 000,000,000 | ---D | C] -- C:\Users\lscorst\AppData\Roaming\AVG2012
[2012/04/08 11:37:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/04/08 11:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/08 11:37:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/04/08 11:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/04/08 11:33:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/04/08 11:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/04/08 11:23:27 | 000,000,000 | R-SD | C] -- C:\Users\lscorst\Documents\McAfee Vaults
[2012/04/03 18:35:30 | 000,000,000 | ---D | C] -- C:\Users\lscorst\AppData\Roaming\Yahoo!
[2012/04/01 17:33:58 | 000,000,000 | ---D | C] -- C:\PFiles
[2012/04/01 17:28:36 | 000,000,000 | ---D | C] -- C:\Users\lscorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

========== Files - Modified Within 30 Days ==========

[2012/04/26 19:02:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 18:32:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3613881149-1757695885-1510290273-1000UA.job
[2012/04/26 18:23:38 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/04/26 18:23:37 | 000,007,728 | ---- | M] () -- C:\Users\lscorst\AppData\Local\d3d9caps.dat
[2012/04/26 18:20:47 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 18:20:47 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 18:20:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 18:20:36 | 3149,074,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 18:05:44 | 096,333,007 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/26 17:32:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3613881149-1757695885-1510290273-1000Core.job
[2012/04/26 16:49:55 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/25 17:44:33 | 000,250,524 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/25 16:31:31 | 000,000,904 | ---- | M] () -- C:\Users\lscorst\.recently-used.xbel
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/04/17 22:37:02 | 000,219,136 | ---- | M] () -- C:\Users\lscorst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/16 23:57:55 | 000,622,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/16 23:57:55 | 000,112,104 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/15 11:34:53 | 000,002,052 | ---- | M] () -- C:\Users\lscorst\Desktop\Google Chrome.lnk
[2012/04/15 11:34:53 | 000,002,014 | ---- | M] () -- C:\Users\lscorst\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/14 17:22:03 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForlscorst.job
[2012/04/14 13:14:23 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/04/14 13:14:16 | 000,000,779 | ---- | M] () -- C:\Users\lscorst\Desktop\LGMobile Support Tool.lnk
[2012/04/13 21:42:49 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/13 21:42:49 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/12 17:30:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(53).dat
[2012/04/11 22:53:01 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1(65).C7483456-A289-439d-8115-601632D005A0
[2012/04/11 22:53:01 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0(64).C7483456-A289-439d-8115-601632D005A0
[2012/04/11 22:52:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(270).DAT
[2012/04/11 22:32:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3613881149-1757695885-1510290273-1000UA(269).job
[2012/04/11 17:32:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3613881149-1757695885-1510290273-1000Core(268).job
[2012/04/09 22:35:00 | 000,002,014 | ---- | M] () -- C:\Users\lscorst\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome(46).lnk
[2012/04/09 16:39:09 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp(38).ini

========== Files Created - No Company Name ==========

[2012/04/26 18:05:44 | 096,333,007 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/25 17:44:33 | 000,250,524 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/25 16:31:31 | 000,000,904 | ---- | C] () -- C:\Users\lscorst\.recently-used.xbel
[2012/04/14 13:14:16 | 000,000,779 | ---- | C] () -- C:\Users\lscorst\Desktop\LGMobile Support Tool.lnk
[2012/04/13 21:42:50 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/08 11:39:12 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/01 17:28:37 | 000,002,052 | ---- | C] () -- C:\Users\lscorst\Desktop\Google Chrome.lnk
[2012/04/01 17:28:37 | 000,002,014 | ---- | C] () -- C:\Users\lscorst\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/01 17:28:37 | 000,002,014 | ---- | C] () -- C:\Users\lscorst\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome(46).lnk
[2012/04/01 17:27:31 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3613881149-1757695885-1510290273-1000UA.job
[2012/04/01 17:27:31 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3613881149-1757695885-1510290273-1000UA(269).job
[2012/04/01 17:27:30 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3613881149-1757695885-1510290273-1000Core.job
[2012/04/01 17:27:30 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3613881149-1757695885-1510290273-1000Core(268).job
[2011/12/24 13:47:43 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/12/24 13:47:43 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/06/15 02:11:08 | 000,000,232 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/13 14:35:49 | 000,009,506 | -HS- | C] () -- C:\Users\lscorst\AppData\Local\xoe2pxf8tilc1w5bp4x354ec6
[2011/05/13 14:35:49 | 000,009,506 | -HS- | C] () -- C:\ProgramData\xoe2pxf8tilc1w5bp4x354ec6
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/09/17 17:01:11 | 000,000,131 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 26 April 2012 - 11:13 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
There is something wrong with pnrpnsp.dll. It should show Microsoft in the () at the end of the two 010 lines. Let's see if we can fix it. First let's give Windows sfc a try:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt


attach the file \windows\logs\cbs\junk.txt to your next reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



You are also showing signs of an old infection:

[2011/05/13 14:35:49 | 000,009,506 | -HS- | C] () -- C:\Users\lscorst\AppData\Local\xoe2pxf8tilc1w5bp4x354ec6
[2011/05/13 14:35:49 | 000,009,506 | -HS- | C] () -- C:\ProgramData\xoe2pxf8tilc1w5bp4x354ec6

We will get them with the next run of OTL but I want to see what is going on with pnrpnsp.dll first.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP