Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Freezes, Sluggish [Solved]


  • This topic is locked This topic is locked

#1
dimills

dimills

    Member

  • Member
  • PipPip
  • 37 posts
Hi,
I've recently had issues with my computer occasionally locking up, and being sluggish. I don't know if one of my kids might have downloaded some kind of malware to cause this. Here's my OTL log, thanks for your help:

OTL logfile created on: 8/20/2012 10:33:42 PM - Run 8
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.04% Memory free
3.85 Gb Paging File | 2.64 Gb Available in Paging File | 68.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 58.15 Gb Free Space | 19.51% Space Free | Partition Type: NTFS

Computer Name: LIVINGROOM2 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/20 22:33:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
PRC - [2012/07/31 20:15:57 | 013,003,448 | ---- | M] (The Weather Channel) -- C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2012/07/18 17:28:59 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/12/22 11:37:54 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/12/22 11:37:04 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
PRC - [2011/12/22 11:36:50 | 000,362,432 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2011/12/22 11:24:20 | 002,177,536 | ---- | M] (Jackpot Rewards) -- C:\Program Files\Shop To Win\ShopToWin.exe
PRC - [2011/12/19 14:57:48 | 001,136,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2011/12/19 12:35:16 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/20 15:05:03 | 001,802,240 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12082001\algo.dll
MOD - [2012/06/14 03:24:40 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:24:23 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/10 03:20:27 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 03:20:08 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/29 16:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/08/18 00:03:37 | 000,129,024 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\WinRar v.3.70b\Winrar v.3.70b Full\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/18 17:28:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/15 21:09:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/12 15:40:17 | 003,963,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010/06/17 13:01:42 | 000,923,648 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SensorsViewPro41\svservice.exe -- (SensorsVService)
SRV - [2010/06/07 18:48:38 | 000,817,264 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\7F.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\GamesCampus\MLBDugoutHeroes\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/06/29 05:18:16 | 000,066,776 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011/01/28 21:16:32 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/01/28 21:16:23 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/07/26 14:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | System | Running] -- C:\Program Files\SensorsViewPro41\drv\sensorsview32.sys -- (sensorsview)
DRV - [2007/04/25 16:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/03/16 02:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2001/11/08 04:53:54 | 000,018,120 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/08/18 19:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/08/18 19:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/07 20:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/11 20:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 17:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/23 13:37:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Owner\Application Data\Move Networks [2010/02/24 01:51:40 | 000,000,000 | ---D | M]

[2008/08/18 18:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/01/27 10:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ksus49i4.default\extensions
[2010/01/31 12:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ksus49i4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/23 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/01 00:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2012/07/11 20:16:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/10/07 20:41:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/18 17:29:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/06/30 10:08:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/30 10:08:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/05/13 01:05:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {369610E7-39B5-475B-880B-25E463B8567C} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Quixley_KMb Toolbar) - {DA566842-D620-41BF-8A10-149CFA14035D} - C:\Program Files\Quixley_KMb\prxtbQuix.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://passage.cna....0,2011,104,2309 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://passage.cna....,2010,1020,1507 (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://passage.cna....,2010,1020,1407 (F5 Networks Policy Agent Host Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} https://passage.cna....,2011,0117,1453 (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://passage.cna....,2010,1020,1428 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://passage.cna....00,2011,124,911 (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://passage.cna....,2010,1020,1432 (F5 Networks OS Policy Agent)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C307605-127F-47B4-9E3E-4CF24C91E3B4}: NameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\pmnlmnKd: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Scott\My Documents\My Pictures\jon frost crystal springs.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott\My Documents\My Pictures\jon frost crystal springs.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/16 19:40:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 22:33:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2012/07/30 20:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/07/30 20:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix
[2012/07/30 20:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix
[2012/07/29 13:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Shop To Win
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/20 22:41:17 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAF4EB7A-B075-4520-A9EC-3AE7EF43FABD}.job
[2012/08/20 22:33:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2012/08/20 22:30:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/20 22:30:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 22:23:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/20 22:15:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1682526488-725345543-1003UA.job
[2012/08/20 21:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/20 21:15:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1682526488-725345543-1003Core.job
[2012/08/20 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/08/20 20:24:23 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/20 20:23:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/20 20:23:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/20 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/08/20 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/08/19 19:58:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/08/19 11:07:07 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/19 03:16:06 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/19 03:15:26 | 197,141,536 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/08/19 03:15:26 | 004,044,832 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012/08/19 03:15:26 | 002,616,620 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/08/19 03:15:26 | 000,371,300 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012/08/19 00:30:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/18 21:10:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/18 20:19:09 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/09 19:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/02 07:23:39 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/02 07:23:38 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/31 20:15:59 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel App.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/30 20:55:25 | 000,000,997 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Citrix Receiver.lnk
[2012/07/21 01:07:20 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/07/01 16:29:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\f5unistall.INI
[2012/06/30 10:55:11 | 000,105,146 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2012/06/30 10:55:11 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2012/03/14 03:23:31 | 000,317,530 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-583907252-1682526488-725345543-1004-0.dat
[2012/02/26 18:46:49 | 000,174,008 | ---- | C] () -- C:\Program Files\39res.dll
[2012/02/16 15:25:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/12 04:40:17 | 000,317,530 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/11/13 00:00:15 | 000,000,165 | ---- | C] () -- C:\WINDOWS\BluesCluesPreschool.ini
[2011/02/14 02:03:36 | 010,977,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2011/02/03 02:08:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/01/23 14:23:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4q.DLL
[2010/09/02 23:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/19 22:16:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2008/08/27 06:22:43 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/23 00:11:03 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Owner\default.pls
[2008/08/16 20:01:59 | 005,767,168 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.bak

========== LOP Check ==========

[2008/08/24 22:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/01/28 21:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/05/05 00:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/06 12:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2012/07/30 20:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/07/01 16:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F5 Networks
[2008/11/08 16:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2012/05/05 00:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/01/31 21:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/11/09 00:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/07/18 17:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/06/04 20:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/10/14 23:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/08/26 21:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\services
[2011/10/15 16:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/24 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/08 23:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/06/25 16:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/03 22:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/07/20 00:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/03 15:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/25 11:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/28 21:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis
[2010/01/09 00:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/01/23 01:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Family Lawyer
[2010/01/11 00:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2011/01/31 21:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2008/10/01 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/11/08 23:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2011/07/30 11:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2011/02/13 17:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STV Software
[2012/07/31 19:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/09/08 23:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Visan
[2010/08/08 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2012/08/20 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/08/20 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/08/19 19:58:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/08/20 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/08/20 20:24:23 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/08/20 22:41:17 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAF4EB7A-B075-4520-A9EC-3AE7EF43FABD}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216

< End of report >
  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Next:

Any particular reason OTL has been ran eight times?

OTL logfile created on: 8/20/2012 10:33:42 PM - Run 8

Next:

Please post the contents of the Extras.txt log created by OTL in your next reply, it should be on the desktop.
  • 0

#3
dimills

dimills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi,
Due to past infections, I've run OTL in the past. I've backed up the registry with ERUNT, but can't find an extras log on my desktop, anywhere else I can look for it?
  • 0

#4
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Due to past infections, I've run OTL in the past

Fair play and thank you for the clarification.

I've backed up the registry with ERUNT

Good.

but can't find an extras log on my desktop, anywhere else I can look for it?

Not a problem, I will merely ask you run OTL again so I can review that particular log before we proceed with anything proactive so to speak.

Re-scan with OTL:

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#5
dimills

dimills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi,
Haven't had any time to use computer after scans, so it's hard to tell in this short time of any changes in performance.

Here's the result of the OTL scan:

OTL logfile created on: 8/22/2012 9:48:59 PM - Run 9
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.08% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 58.09 Gb Free Space | 19.49% Space Free | Partition Type: NTFS

Computer Name: LIVINGROOM2 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/20 22:33:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/12/22 11:37:54 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/12/22 11:37:04 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
PRC - [2011/12/22 11:36:50 | 000,362,432 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2011/12/19 14:57:48 | 001,136,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2011/12/19 12:35:16 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/22 14:11:47 | 001,802,240 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12082201\algo.dll
MOD - [2012/06/14 03:24:40 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:24:23 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/10 03:20:27 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 03:20:08 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/29 16:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/22 21:43:02 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 17:28:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/12 15:40:17 | 003,963,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010/06/17 13:01:42 | 000,923,648 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SensorsViewPro41\svservice.exe -- (SensorsVService)
SRV - [2010/06/07 18:48:38 | 000,817,264 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\7F.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\GamesCampus\MLBDugoutHeroes\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/06/29 05:18:16 | 000,066,776 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011/01/28 21:16:32 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/01/28 21:16:23 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/07/26 14:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | System | Running] -- C:\Program Files\SensorsViewPro41\drv\sensorsview32.sys -- (sensorsview)
DRV - [2007/04/25 16:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/03/16 02:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2001/11/08 04:53:54 | 000,018,120 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-583907252-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/08/18 19:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/08/18 19:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/07 20:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/11 20:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 17:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/23 13:37:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Owner\Application Data\Move Networks [2010/02/24 01:51:40 | 000,000,000 | ---D | M]

[2008/08/18 18:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/01/27 10:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ksus49i4.default\extensions
[2010/01/31 12:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ksus49i4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/23 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/01 00:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2012/07/11 20:16:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/10/07 20:41:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/18 17:29:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/06/30 10:08:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/30 10:08:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/05/13 01:05:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {369610E7-39B5-475B-880B-25E463B8567C} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\Toolbar\WebBrowser: (Quixley_KMb Toolbar) - {DA566842-D620-41BF-8A10-149CFA14035D} - C:\Program Files\Quixley_KMb\prxtbQuix.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..Trusted Domains: internet ([]about in Local intranet)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://passage.cna....0,2011,104,2309 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://passage.cna....,2010,1020,1507 (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://passage.cna....,2010,1020,1407 (F5 Networks Policy Agent Host Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} https://passage.cna....,2011,0117,1453 (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://passage.cna....,2010,1020,1428 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://passage.cna....00,2011,124,911 (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://passage.cna....,2010,1020,1432 (F5 Networks OS Policy Agent)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C307605-127F-47B4-9E3E-4CF24C91E3B4}: NameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\pmnlmnKd: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Scott\My Documents\My Pictures\jon frost crystal springs.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott\My Documents\My Pictures\jon frost crystal springs.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/16 19:40:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/22 01:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/08/22 01:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/22 01:01:32 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Scott\Desktop\erunt-setup.exe
[2012/08/20 22:33:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2012/07/30 20:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/07/30 20:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix
[2012/07/30 20:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix
[2012/07/29 13:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Shop To Win
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/22 21:53:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/22 21:43:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAF4EB7A-B075-4520-A9EC-3AE7EF43FABD}.job
[2012/08/22 21:43:01 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/22 21:43:01 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/22 21:42:49 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/22 21:41:51 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/22 21:41:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/22 21:41:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/22 16:30:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/22 16:15:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1682526488-725345543-1003UA.job
[2012/08/22 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/08/22 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/08/22 01:01:51 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\NTREGOPT.lnk
[2012/08/22 01:01:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\ERUNT.lnk
[2012/08/22 01:01:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Scott\Desktop\erunt-setup.exe
[2012/08/22 00:58:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/21 22:30:48 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/21 21:15:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1682526488-725345543-1003Core.job
[2012/08/21 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/08/21 19:58:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/08/21 19:19:11 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/20 22:33:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2012/08/19 11:07:07 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/19 03:16:06 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/19 03:15:26 | 197,141,536 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/08/19 03:15:26 | 004,044,832 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012/08/19 03:15:26 | 002,616,620 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/08/19 03:15:26 | 000,371,300 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012/08/18 21:10:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/09 19:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/02 07:23:39 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/02 07:23:38 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/31 20:15:59 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel App.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/22 01:01:51 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\NTREGOPT.lnk
[2012/08/22 01:01:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\ERUNT.lnk
[2012/07/30 20:55:25 | 000,000,997 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Citrix Receiver.lnk
[2012/07/21 01:07:20 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/07/01 16:29:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\f5unistall.INI
[2012/06/30 10:55:11 | 000,105,146 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2012/06/30 10:55:11 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2012/03/14 03:23:31 | 000,317,530 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-583907252-1682526488-725345543-1004-0.dat
[2012/02/26 18:46:49 | 000,174,008 | ---- | C] () -- C:\Program Files\39res.dll
[2012/02/16 15:25:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/12 04:40:17 | 000,317,530 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/11/13 00:00:15 | 000,000,165 | ---- | C] () -- C:\WINDOWS\BluesCluesPreschool.ini
[2011/02/14 02:03:36 | 010,977,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2011/02/03 02:08:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/01/23 14:23:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4q.DLL
[2010/09/02 23:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/19 22:16:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2008/08/27 06:22:43 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/23 00:11:03 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Owner\default.pls
[2008/08/16 20:01:59 | 005,767,168 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.bak

========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216

< End of report >
  • 0

#6
dimills

dimills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here's the extras log from OTL:

OTL Extras logfile created on: 8/22/2012 9:48:59 PM - Run 9
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.08% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 58.09 Gb Free Space | 19.49% Space Free | Partition Type: NTFS

Computer Name: LIVINGROOM2 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Oracle)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Documents and Settings\Michael\Desktop\MLBDugoutHeroes.exe" = C:\Documents and Settings\Michael\Desktop\MLBDugoutHeroes.exe:*:Enabled:MLBDugoutHeroes
"C:\GamesCampus\MLBDugoutHeroes\MLBDugoutHeroes.exe" = C:\GamesCampus\MLBDugoutHeroes\MLBDugoutHeroes.exe:*:Enabled:MLBDugoutHeroes -- ()
"C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{246CB06B-308C-4CAE-AD1C-CB8409274261}" = Citrix Receiver(Aero)
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.21
"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39540D6A-9773-4063-9194-4C5AA92E89FD}" = Alienware Dual Compatible Game Pad
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{51CA70A6-8930-44d9-B28B-CB4229A88CB8}_is1" = World Basketball Manager 1.9.2969
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{655C5545-7974-443F-882F-D745607EBB08}" = Citrix Receiver(DV)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{739A6D0C-CA8D-4955-8E3D-58D1847327AC}" = Online Plug-in
"{7414C891-720D-4E86-85E5-C3AA898DA9EC}" = HP Deskjet 1050 J410 series Product Improvement Study
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5845B5-729F-40E3-A945-4454E67F65F4}" = BCL easyConverter Desktop 3 (Word Version)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{991057FA-3CA7-42B0-94B6-5B1B2535FBD3}" = Citrix Receiver Inside
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A113003E-8271-4485-ABC1-83FB96BFFF52}" = Citrix Receiver(USB)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35F88E5-A813-400C-AB99-09F5F5CDD2EC}" = PTDD Partition Table Doctor 3.5
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7D5787B-3A91-4433-A753-CFE520671683}" = Acronis True Image WD Edition
"{A7E6A962-C086-47E3-BAEC-9C84AF292820}" = SpongeBob SquarePants - Battle for Bikini Bottom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1E1FB29-E2FD-47D2-A06D-B6DCF7BF627E}" = MLB DugoutHeores
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC728724-882E-4E2D-B3EE-E2C7332DC2F2}" = Citrix Receiver (HDX Flash Redirection)
"{BEE7766E-C99F-4735-A42B-77924324F253}" = Backyard Soccer 2004
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP1
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E32661E0-A745-48A5-A9B9-073FDC6B119C}" = Text to Speech XP
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}" = Broderbund Family Lawyer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F605992E-FD5B-46D7-AFDA-FDB1AB00F829}" = Self-service Plug-in
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"7-Zip" = 7-Zip 9.20
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"AU10_is1" = Advanced Uninstaller PRO - Version 10
"avast" = avast! Free Antivirus
"Backyard Football" = Backyard Football
"Blue's 123 Time Activities" = Blue's 123 Time Activities
"Blue's Art Time Activities" = Blue's Art Time Activities
"Blue's Treasure Hunt" = Blue's Treasure Hunt
"BluesCluesPreschoolDKey" = Blue's Preschool
"Buzzer Control_is1" = Buzzer Control 1.06
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Dan Elwell's Broadband Speed Test_is1" = Dan Elwell's Broadband Speed Test
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"E.M. Total Video Player 1.31_is1" = E.M. Total Video Player 1.31
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"F5 Networks Client Components" = BIG-IP Edge Client Components (All Users)
"FLAC" = FLAC 1.2.1b (remove only)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{BEE7766E-C99F-4735-A42B-77924324F253}" = Backyard Soccer 2004
"InstallShield_{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}" = Broderbund Family Lawyer
"Kidspiration 3" = Kidspiration 3
"Kindle Auto eBook Converter" = Kindle Auto eBook Converter 0.4.50
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Magic ISO Maker v5.4 (build 0255)" = Magic ISO Maker v5.4 (build 0255)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft PhotoDraw 2000" = Microsoft PhotoDraw 2000
"Monopoly - SpongeBob SquarePants Edition" = Monopoly - SpongeBob SquarePants Edition
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mustek 1200 UB Plus v1.3" = Mustek 1200 UB Plus v1.3
"MVApplication1" = Memorex exPressit Label Design Studio
"NVIDIA Drivers" = NVIDIA Drivers
"Phpnuke Downloader Winzip" = Phpnuke Downloader Winzip
"Playbryte" = PlayBryte
"Quixley_KMb Toolbar" = Quixley_KMb Toolbar
"SensorsView Pro 4.1" = SensorsView Pro 4.1
"Smart Defrag_is1" = Smart Defrag
"Speccy" = Speccy
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"Tag&Rename_is1" = Tag&Rename 3.4.6
"The Game of Life - SpongeBob SquarePants Edition" = The Game of Life - SpongeBob SquarePants Edition
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Un-Zip for Windows" = Un-Zip for Windows 9.22beta
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinPatrol" = WinPatrol
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.83
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2012 3:09:07 AM | Computer Name = LIVINGROOM2 | Source = LoadPerf | ID = 3009
Error - 5/10/2012 3:25:51 AM | Computer Name = LIVINGROOM2 | Source = LoadPerf |
ID = 3003

Description = The SYSTEM\CurrentControlSet\Services\MSDTC Bridge 3.0.0.0\Performance key could not be opened or accessed in order to install counter
strings.The Win32 status returned by the call is the first DWORD in Data
section.
Error - 5/10/2012 3:25:51 AM | Computer Name = LIVINGROOM2 | Source = LoadPerf |
ID = 3009

Error - 5/10/2012 3:43:08 AM | Computer Name = LIVINGROOM2 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 5/16/2012 7:35:35 PM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.3.1.55, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

Error - 5/31/2012 8:27:03 PM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.3.1.55, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

Error - 6/14/2012 3:40:44 AM | Computer Name = LIVINGROOM2 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 6/25/2012 4:53:42 PM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module msi65.tmp, version 1.61.9511.0, fault address 0x0000ed35.

Error - 7/21/2012 2:29:03 PM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 20.0.1132.57, faulting module
chrome.dll, version 20.0.1132.57, fault address 0x00f710bf.

Error - 7/30/2012 1:45:06 PM | Computer Name = LIVINGROOM2 | Source = .NET Runtime | ID = 1023
Description = Application: TWCApp.exe Framework Version: v4.0.30319 Description: The
process was terminated due to an internal error in the .NET Runtime at IP 792D7AED
(79140000) with exit code 80131506.

Error - 8/20/2012 12:23:27 AM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.3.1.55, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

[ Application Events ]
Error - 5/10/2012 3:09:07 AM | Computer Name = LIVINGROOM2 | Source = LoadPerf | ID = 3009
Error - 5/10/2012 3:25:51 AM | Computer Name = LIVINGROOM2 | Source = LoadPerf |
ID = 3003

Description = The SYSTEM\CurrentControlSet\Services\MSDTC Bridge 3.0.0.0\Performance key could not be opened or accessed in order to install counter
strings.The Win32 status returned by the call is the first DWORD in Data
section.
Error - 5/10/2012 3:25:51 AM | Computer Name = LIVINGROOM2 | Source = LoadPerf |
ID = 3009

Error - 5/10/2012 3:43:08 AM | Computer Name = LIVINGROOM2 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 5/16/2012 7:35:35 PM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.3.1.55, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

Error - 5/31/2012 8:27:03 PM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.3.1.55, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

Error - 6/14/2012 3:40:44 AM | Computer Name = LIVINGROOM2 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 6/25/2012 4:53:42 PM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module msi65.tmp, version 1.61.9511.0, fault address 0x0000ed35.

Error - 7/21/2012 2:29:03 PM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 20.0.1132.57, faulting module
chrome.dll, version 20.0.1132.57, fault address 0x00f710bf.

Error - 7/30/2012 1:45:06 PM | Computer Name = LIVINGROOM2 | Source = .NET Runtime | ID = 1023
Description = Application: TWCApp.exe Framework Version: v4.0.30319 Description: The
process was terminated due to an internal error in the .NET Runtime at IP 792D7AED
(79140000) with exit code 80131506.

Error - 8/20/2012 12:23:27 AM | Computer Name = LIVINGROOM2 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.3.1.55, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

[ OSession Events ]
Error - 11/22/2008 5:50:46 PM | Computer Name = LIVINGROOM2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 75966
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/11/2012 8:12:24 PM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 7/13/2012 8:13:15 PM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 7/14/2012 11:35:17 AM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 7/15/2012 6:46:43 PM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 7/15/2012 10:31:25 PM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 7/16/2012 10:26:19 PM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 7/21/2012 12:58:02 AM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 7/21/2012 10:13:33 PM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 7/21/2012 10:32:00 PM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 7/23/2012 10:52:39 PM | Computer Name = LIVINGROOM2 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.


< End of report >


Thanks.
  • 0

#7
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Haven't had any time to use computer after scans, so it's hard to tell in this short time of any changes in performance.

OK fair enough.

Peer to Peer Advice:

I see µTorrent installed. If you have used this recently, you can be fairly confident this is a principal reason your computer is/became infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

My friendly advice would be to uninstall the aforementioned. However if you opt not to...please refrain from using it for the duration of the malware removal process, thank you.

Viewpoint Software Advice:

This is just to make you aware of the nature of the aforementioned applications(you have Viewpoint Media Player installed). Though not exactly classed as malware they do have some undesirable characteristics. However there is not point uninstalling...as the AIM Search, AIM Toolbar AND AIM 6 software you have installed, next time used will download/install the aforementioned again with out your knowledge. Isn't that nice of AOL and their applications. :bashhead:

Next:

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update both in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 9.4.7
Advanced SystemCare 3 <-- The vendor has a unsavoury reputation. This type of application ultimately will prove of limited use and has the potential to turn a machine into little more than a useless doorstop.
Java™ 6 Update 21
HijackThis 2.0.2 <-- Out of date and not effective at detecting modern malware. However if you have used it recently to remove anything, do not uninstall and inform myself of such.
Malwarebytes' RogueRemover <-- Out of date/no longer supported. Plus you do have Malwarebytes Anti-Malware installed anyway.
Wise Disk Cleaner 5.83 <-- Not particularly effective at all, TFC (Temp File Cleaner) is both a safer and more effective option.
Wise Registry Cleaner 5.9.1 <--This type of application ultimately will prove of limited use and has the potential to turn a machine into little more than a useless doorstop.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Temp Disable WinPatrol:

This is so it will not hinder the Custom OTL Script below, it will automatically start after the system reboot...

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program >> Yes.
Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - No CLSID value found
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (no name) - {369610E7-39B5-475B-880B-25E463B8567C} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\Toolbar\WebBrowser: (Quixley_KMb Toolbar) - {DA566842-D620-41BF-8A10-149CFA14035D} - C:\Program Files\Quixley_KMb\prxtbQuix.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216

:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\At*.job
C:\Program Files\Quixley_KMb

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlmnKd]

:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#8
dimills

dimills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi,
The computer seems to be running better, right now no freezes.
Here's the OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{369610E7-39B5-475B-880B-25E463B8567C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{369610E7-39B5-475B-880B-25E463B8567C}\ not found.
Registry value HKEY_USERS\S-1-5-21-583907252-1682526488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DA566842-D620-41BF-8A10-149CFA14035D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA566842-D620-41BF-8A10-149CFA14035D}\ deleted successfully.
C:\Program Files\Quixley_KMb\prxtbQuix.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\002539_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml122.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml123.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml124.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml7E.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml7F.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml80.tmp deleted successfully.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Program Files\GUM6F.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:522EA216 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Scott\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Scott\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\Program Files\Quixley_KMb folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlmnKd\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 290394301 bytes
->Temporary Internet Files folder emptied: 630696 bytes
->Java cache emptied: 314645 bytes
->FireFox cache emptied: 62077902 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 260530 bytes

User: All Users

User: Ashley
->Temp folder emptied: 4845 bytes
->Temporary Internet Files folder emptied: 6860736 bytes
->FireFox cache emptied: 96261767 bytes
->Flash cache emptied: 2010777 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Desktop

User: Diane
->Temp folder emptied: 45476805 bytes
->Temporary Internet Files folder emptied: 160870 bytes
->Java cache emptied: 465557 bytes
->FireFox cache emptied: 99478575 bytes
->Google Chrome cache emptied: 7369178 bytes
->Flash cache emptied: 317946 bytes

User: Jonathan
->Temp folder emptied: 571827052 bytes
->Temporary Internet Files folder emptied: 342804 bytes
->Java cache emptied: 1571523 bytes
->FireFox cache emptied: 94166192 bytes
->Flash cache emptied: 41075 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Michael
->Temp folder emptied: 2299223686 bytes
->Temporary Internet Files folder emptied: 33160591 bytes
->Java cache emptied: 65932023 bytes
->FireFox cache emptied: 46088629 bytes
->Google Chrome cache emptied: 6145624 bytes
->Flash cache emptied: 878170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 121688 bytes
->Flash cache emptied: 405 bytes

User: Owner
->Temp folder emptied: 1486324712 bytes
->Temporary Internet Files folder emptied: 46404008 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53264809 bytes
->Google Chrome cache emptied: 32322585 bytes
->Flash cache emptied: 49800 bytes

User: Scott

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1752100004 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 443695562 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 171 bytes

Total Files Cleaned = 7,196.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08242012_005934

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KQJ1Z0XZ\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FLORK1ZR\ads[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FLORK1ZR\page__pid__2194785[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\F4TXHQH4\ads[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\F4TXHQH4\ads[2].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1O8M9MN5\ads[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Here's the MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: LIVINGROOM2 [administrator]

8/24/2012 1:26:48 AM
mbam-log-2012-08-24 (01-26-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303861
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks.
  • 0

#9
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

The computer seems to be running better, right now no freezes.

Good.

Thanks.

You're welcome!

Check Hard Disk For Errors:

Click on Start >> Run..., then copy/paste the following command into the box and click on OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

  • Double-click on aswMBR.exe to start the application.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat(or similir) do not delete this for now it is a actual backup of the MBR(master boot record).
  • 0

#10
dimills

dimills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi,
I ran the chkdsk script, but I get no log on my desktop, I even tried a second time, same result. Any where else I can find it?
  • 0

Advertisements


#11
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I ran the chkdsk script, but I get no log on my desktop, I even tried a second time, same result. Any where else I can find it?

OK lets try and run it another way as follows...

Check Hard Disk For Errors:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
@Echo off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
Del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this Posted Image
Now double-click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.
  • 0

#12
dimills

dimills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi,
Same problem, still no file on the desktop.
  • 0

#13
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Same problem, still no file on the desktop.

Carry out the below please then re-try Check Hard Disk For Errors again and let myself know the outcome, thank you.

Repair File Extensions:

Download System Repair Engineer

Scroll down to System Repair Engineer 2.8.4.1331 and click on the Local Download button to do so.

  • Extract it to Desktop and double click SREng.exe to run it.
  • Select System Repair from the left pane.
  • Click on File Association.
  • Select all entries that has an Error status click [Repair].
  • Refer to this image for an example:

    Posted Image
  • Close SREng.

  • 0

#14
dimills

dimills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi,
I ran System Repair, and the only value it had me repair was .CHM, everything else was normal.
I reran the Check Hard Disk For Errors, but the result was the same, there was no checkhd.txt file saved on the desktop.
  • 0

#15
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I ran System Repair, and the only value it had me repair was .CHM, everything else was normal.

OK.

I reran the Check Hard Disk For Errors, but the result was the same, there was no checkhd.txt file saved on the desktop.

I must admit no good reason as to why this is occurring though possible either the installed CA Client or SensorsView is hindering the creation of the notepad file for example. OK in the great scheme of things this is not a major issue and it may just be down to the vagaries of your machine.

We will go ahead and perform some in-depth maintenance in due course anyway.

For now just proceed with my prior Scan with aswMBR instructions in post #9 and we will go from there, thank you.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP