Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Extremely slow... [Closed]


  • This topic is locked This topic is locked

#1
adairco

adairco

    New Member

  • Member
  • Pip
  • 1 posts
My computer has become extremely slow. I'm not sure if I'm infected or if I simply have a very full registry, due to the age of my computer. I inherited a virus or two in the last few weeks, and I've used Spybot and Malware Bytes to scan and fix. Both programs 'say' they have successfully removed... I've learned to avoid links, ads, etc. and only use websites available thru Google search... but my precautionary practice may be too late at this point. I do not have any virus protection programs installed other than what Windows XP provides. I have created an OTL.Txt-Notepad and Extras.Txt-Notepad thru your scans. Awhile ago I received a pop-up from Windows Defender informing me of a trojan. I hit ignore and have done nothing further to address it. I believe that my Internet Explorer browser has also been hyjacked.Attached File  OTL.Txt   102.73KB   85 downloadsAttached File  Extras.Txt   39.16KB   77 downloads

Brad

OTL logfile created on: 8/19/2012 6:17:59 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = F:\Documents and Settings\brad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1007.48 Mb Total Physical Memory | 168.09 Mb Available Physical Memory | 16.68% Memory free
2.38 Gb Paging File | 1.55 Gb Available in Paging File | 65.14% Paging File free
Paging file location(s): F:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 55.91 Gb Total Space | 46.16 Gb Free Space | 82.57% Space Free | Partition Type: NTFS
Drive F: | 76.68 Gb Total Space | 38.62 Gb Free Space | 50.37% Space Free | Partition Type: NTFS

Computer Name: ADAIR | User Name: brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 18:16:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\brad\Desktop\OTL.exe
PRC - [2012/08/19 17:52:45 | 011,977,080 | ---- | M] (LogMeIn, Inc.) -- F:\Documents and Settings\brad\Local Settings\Application Data\join.me\join.me.exe
PRC - [2012/06/21 09:41:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Real\realone player\Update\realsched.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- F:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- F:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- F:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- F:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2007/04/24 14:26:00 | 000,910,896 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/04/24 14:25:40 | 000,149,040 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/03/21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- F:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/08/04 12:06:39 | 000,052,736 | ---- | M] (Macrovision) -- F:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/12/01 02:54:22 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2012/08/19 17:52:45 | 000,075,640 | ---- | M] () -- F:\Documents and Settings\brad\Local Settings\Application Data\join.me\LMIInputHook32.dll
MOD - [2012/08/19 17:52:45 | 000,075,640 | ---- | M] () -- F:\Documents and Settings\brad\Local Settings\Application Data\join.me\LMIFilterHook32-Clone000.dll
MOD - [2012/06/14 03:29:21 | 000,221,696 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:26:45 | 000,212,992 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:21:24 | 003,186,688 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/14 03:21:23 | 002,933,248 | ---- | M] () -- F:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/14 03:21:22 | 000,425,984 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/14 03:21:17 | 000,630,784 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/14 03:21:17 | 000,303,104 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 03:21:15 | 000,261,632 | ---- | M] () -- F:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/14 03:21:15 | 000,258,048 | ---- | M] () -- F:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/14 03:21:14 | 002,048,000 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/14 03:21:12 | 000,114,688 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/14 03:21:06 | 005,025,792 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/14 03:18:10 | 013,197,824 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:09:58 | 001,666,048 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/10 03:34:32 | 000,762,368 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:34:29 | 000,786,944 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/10 03:34:27 | 000,646,656 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/10 03:23:46 | 007,953,408 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 03:22:56 | 011,492,352 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/10 03:08:34 | 005,618,176 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/10 03:08:26 | 000,980,480 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/10 03:07:15 | 006,798,336 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/10 03:06:51 | 007,052,800 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/10 03:06:32 | 009,090,560 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/10 03:06:11 | 014,412,800 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2010/03/15 22:03:27 | 000,755,712 | ---- | M] () -- F:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2010/03/15 22:03:24 | 001,058,304 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/03/15 22:03:23 | 000,471,040 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/03/15 22:03:22 | 000,458,752 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2010/03/15 22:03:22 | 000,065,536 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2010/03/15 22:03:22 | 000,045,056 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2010/03/15 22:03:21 | 000,073,728 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2010/03/15 22:03:19 | 000,402,208 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/03/15 22:03:19 | 000,238,368 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/03/15 22:03:19 | 000,047,392 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/03/15 22:03:19 | 000,023,840 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2010/03/15 22:03:19 | 000,018,720 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/03/15 22:03:19 | 000,012,064 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/03/15 22:03:18 | 000,130,848 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/03/15 22:03:18 | 000,120,608 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/03/15 22:03:18 | 000,072,992 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- F:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- F:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/08/15 04:40:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- F:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- F:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/08/04 12:06:39 | 000,052,736 | ---- | M] (Macrovision) [Auto | Running] -- F:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- F:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- f:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys -- (RapportIaso)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\MSI\PC Alert 4\NTGLM7X.sys -- (PCAlertDriver)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | Auto | Stopped] -- F:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/06/16 15:08:13 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- F:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- F:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 03:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/06/22 09:58:24 | 000,024,576 | ---- | M] (NT Kernel Resources) [Kernel | System | Unknown] -- F:\WINDOWS\System32\drivers\ndisrd.sys -- (NDISRD)
DRV - [2008/07/28 17:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 17:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/18 04:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- F:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/08/04 12:06:37 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2004/12/01 07:40:08 | 002,300,928 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2004/04/13 07:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001/08/23 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2000/05/19 16:24:56 | 000,011,504 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- F:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {B0031D74-9ABA-4A14-92E6-236D734A5B81}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{20BA5A8A-474F-404D-BD9E-14E4D9E01863}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{7191B367-70CA-4C8C-8AEA-7C978BBBE3E0}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{882CA552-FBDF-4774-B8C8-A1C9475833E8}: "URL" = http://results.myway...r={searchTerms}
IE - HKLM\..\SearchScopes\{92FBAD1C-2865-43CF-B949-8AE5E5230FC8}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{93E0BBBA-073A-4458-BF93-43A8FC5E8790}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{B0031D74-9ABA-4A14-92E6-236D734A5B81}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C5927096-BD38-4BCC-9CB6-ADF716FBDF9E}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{CF171107-C09F-439A-B896-2E2F84199B86}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{D697D355-BE54-421C-A433-E2CB3DE1042E}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\..\SearchScopes,DefaultScope = {B0031D74-9ABA-4A14-92E6-236D734A5B81}
IE - HKCU\..\SearchScopes\{0B21527E-43E2-4175-BA65-44E703D5FDBD}: "URL" = http://us.yhs4.searc...520,18807,0,8,0
IE - HKCU\..\SearchScopes\{2DBB298B-8C22-4D37-9FBA-20A0D961D2C9}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{6526806D-9DBB-4F92-81E1-BDAA96A0770C}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{8352F997-8590-47C2-9AB1-F4FF64E8FFF6}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{B0031D74-9ABA-4A14-92E6-236D734A5B81}: "URL" = http://www.google.co...&rlz=1I7GGIE_en
IE - HKCU\..\SearchScopes\{C60B5CFA-62A7-4F27-B995-7EDDB190AB67}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{E009B318-93FD-45BD-A336-FA73904D26EA}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{E48EDB05-0F5D-4DB6-9259-8BA6691C42C0}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "PureDef Music"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.31
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.3
FF - prefs.js..keyword.URL: "http://results.myway...kwd&searchfor="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: f:\program files\real\realone player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: f:\program files\real\realone player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: f:\program files\real\realone player\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/21 09:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2012/06/21 09:41:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2012/08/18 07:40:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C0287E9E-C92F-11E1-8270-B8AC6F996F26}: F:\Documents and Settings\brad\Local Settings\Application Data\{C0287E9E-C92F-11E1-8270-B8AC6F996F26}\ [2012/07/08 14:04:38 | 000,000,000 | ---D | M]

[2011/12/13 10:52:07 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Extensions
[2010/08/11 17:37:57 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Extensions\[email protected]
[2011/12/13 11:29:18 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions
[2010/05/22 22:25:04 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/13 11:29:18 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2012/05/19 13:31:03 | 000,000,000 | ---D | M] ("I Want This") -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\[email protected]
[2011/12/12 21:35:38 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\[email protected]
[2010/05/22 22:25:04 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\staged-xpis
[2010/05/22 22:25:28 | 000,002,168 | ---- | M] () -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\searchplugins\inbox-search.xml
[2011/12/12 21:35:55 | 000,009,944 | ---- | M] () -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\searchplugins\puredefmusic.xml
[2011/12/06 20:24:54 | 000,002,513 | ---- | M] () -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\searchplugins\Search_Results.xml
[2011/12/13 11:28:30 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2011/12/13 11:28:30 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
[2010/04/17 23:35:09 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/07/08 14:04:38 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- F:\DOCUMENTS AND SETTINGS\BRAD\LOCAL SETTINGS\APPLICATION DATA\{C0287E9E-C92F-11E1-8270-B8AC6F996F26}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/21 09:41:30 | 000,129,144 | ---- | M] (RealPlayer) -- F:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/12/06 20:24:54 | 000,002,513 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = F:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = F:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = F:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = F:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Earth Plugin (Enabled) = F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = F:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = F:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = F:\Documents and Settings\brad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/07/18 12:14:59 | 000,443,488 | R--- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15236 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] F:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Photo Downloader] F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] F:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [REGSHAVE] F:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [robap] F:\Documents and Settings\brad\Application Data\robap.dll (SigmaTel, Inc.)
O4 - HKLM..\Run: [SoundMan] F:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] F:\program files\real\realone player\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] F:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM] "F:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O15 - HKCU\..Trusted Domains: compassweb.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toolbox.webe...ort/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file:///F:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D398E6C-FB2A-44A7-A417-198B486AE7E2}: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - F:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - F:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: F:\Documents and Settings\brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - F:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/07 18:58:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 18:16:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\brad\Desktop\OTL.exe
[2012/08/19 17:39:26 | 000,000,000 | ---D | C] -- F:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/19 17:39:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/08 14:04:35 | 000,402,944 | ---- | C] (SigmaTel, Inc.) -- F:\Documents and Settings\brad\Application Data\robap.dll
[2005/07/20 08:50:15 | 000,515,269 | ---- | C] (InstallShield Software Corporation) -- F:\Program Files\GoogleEarth.exe
[5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[35 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/19 18:16:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\brad\Desktop\OTL.exe
[2012/08/19 17:52:38 | 000,001,324 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat
[2012/08/19 17:51:01 | 000,000,886 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 17:40:01 | 000,000,830 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/19 12:00:00 | 000,000,942 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/19 12:00:00 | 000,000,360 | ---- | M] () -- F:\WINDOWS\tasks\PerfectOptimizer_home.job
[2012/08/19 02:10:31 | 000,000,330 | -H-- | M] () -- F:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/08/18 22:51:00 | 000,000,882 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/18 07:39:18 | 000,000,308 | ---- | M] () -- F:\Documents and Settings\brad\Desktop\BBVA Compass.url
[2012/08/15 14:16:00 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1390067357-682003330-1003.job
[2012/08/15 03:22:50 | 000,000,276 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1390067357-682003330-1003.job
[2012/08/15 03:22:48 | 000,013,002 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2012/08/15 03:22:38 | 000,000,236 | ---- | M] () -- F:\WINDOWS\tasks\OGALogon.job
[2012/08/15 03:22:10 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2012/08/15 03:22:03 | 000,345,808 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 03:21:58 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\drivers\lvuvc.hs
[2012/08/15 03:21:55 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\drivers\logiflt.iad
[2012/08/15 03:05:11 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2012/07/31 13:13:46 | 000,003,102 | ---- | M] () -- F:\Documents and Settings\brad\Desktop\Convert Area - Unit Converter.url
[2012/07/31 12:58:04 | 000,000,385 | ---- | M] () -- F:\Documents and Settings\brad\Desktop\Google Maps.url
[2012/07/27 16:43:17 | 000,211,862 | ---- | M] () -- F:\Documents and Settings\brad\My Documents\Customer Fax Express Form1.pdf
[2012/07/25 14:17:24 | 000,000,116 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini
[5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[35 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/27 16:43:17 | 000,211,862 | ---- | C] () -- F:\Documents and Settings\brad\My Documents\Customer Fax Express Form1.pdf
[2012/07/14 23:44:39 | 000,001,324 | ---- | C] () -- F:\WINDOWS\System32\d3d9caps.dat
[2012/04/18 03:36:06 | 000,308,358 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-1390067357-682003330-1003-0.dat
[2012/04/18 03:36:05 | 000,308,358 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/17 18:01:13 | 000,000,590 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 07:03:01 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll
[2011/12/13 15:04:05 | 000,000,111 | ---- | C] () -- F:\WINDOWS\wininit.ini
[2011/12/12 21:17:09 | 000,237,857 | ---- | C] () -- F:\Documents and Settings\brad\Local Settings\Application Data\census.cache
[2011/12/12 21:16:31 | 000,204,352 | ---- | C] () -- F:\Documents and Settings\brad\Local Settings\Application Data\ars.cache
[2011/12/12 20:41:51 | 000,000,036 | ---- | C] () -- F:\Documents and Settings\brad\Local Settings\Application Data\housecall.guid.cache
[2011/12/05 12:25:26 | 000,000,024 | ---- | C] () -- F:\WINDOWS\cdplayer.ini
[2010/05/01 09:40:13 | 000,019,968 | ---- | C] () -- F:\Documents and Settings\brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/06 10:31:45 | 000,000,600 | ---- | C] () -- F:\Documents and Settings\brad\PUTTY.RND
[2009/03/27 12:15:32 | 000,000,064 | ---- | C] () -- F:\Documents and Settings\brad\default.pls
[2006/04/10 16:44:29 | 000,000,115 | ---- | C] () -- F:\Documents and Settings\brad\Q3.DIR
[2005/10/29 11:09:23 | 000,000,038 | ---- | C] () -- F:\Program Files\segment1.ram
[2005/09/26 11:05:22 | 000,001,755 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== LOP Check ==========

[2011/12/11 16:22:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\430F
[2012/08/15 03:23:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/12/06 20:24:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/07/02 07:31:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2012/07/20 15:45:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\GFI Software
[2011/06/27 20:06:37 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/03/25 14:01:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/05/19 23:35:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/07/14 23:36:43 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/28 09:57:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Trusteer
[2010/04/20 07:39:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/06 06:20:37 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 07:54:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/12/13 11:26:49 | 000,000,000 | -H-D | M] -- F:\Documents and Settings\All Users\Application Data\~0
[2012/06/08 22:07:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Ad-Aware Antivirus
[2009/03/26 11:35:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Canon
[2009/06/29 07:35:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/02 07:31:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\eFax Messenger
[2009/06/06 11:40:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\FUJIFILM
[2006/03/28 17:51:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\iPodder
[2010/07/02 07:30:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\j2 Global
[2007/05/17 10:27:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Keyhole
[2009/04/11 14:09:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Leadertech
[2010/05/13 12:53:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\NewSoft
[2009/03/25 18:16:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\ScanSoft
[2010/05/22 22:28:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\SiteRanker
[2010/04/03 09:41:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\SmartDraw
[2012/07/14 23:13:31 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\TestApp
[2007/11/16 14:15:25 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Uniblue
[2011/12/07 07:27:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\wincorebsband
[2012/05/19 13:33:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Zeon
[2012/08/19 12:00:00 | 000,000,942 | ---- | M] () -- F:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/19 02:10:31 | 000,000,330 | -H-- | M] () -- F:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/08/15 03:22:38 | 000,000,236 | ---- | M] () -- F:\WINDOWS\Tasks\OGALogon.job
[2012/08/19 12:00:00 | 000,000,360 | ---- | M] () -- F:\WINDOWS\Tasks\PerfectOptimizer_home.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please post also Extras.txt log. It should be on your Desktop.

NEXT...

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow to update if it asks.

Posted Image

Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0

#3
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP