Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

winscrmde has stopped working / computer very slow

Started by Timbob610 , Aug 25 2012 02:05 PM

  • Please log in to reply

#1
Timbob610
Posted 25 August 2012 - 02:05 PM

Timbob610

    New Member

  • Member
  • Pip
  • 4 posts
Good Afternoon,
I am trying to finally and fully deal with a virus/malware item that has been on my computer for some time. I am running Windows Vista Home Premius with Service Pack 2. It is a Dell Inspiron 530S Pentium Dual Core CPU. 4.00 GB RAM and 64-bit Operating System. This "has stopped working" error has been occurring for several months and I have not been able to get it to stop happening. Currently my computer has both Norton as well as Microsoft Security Essentials "protecting" it, but that hasn't helped and nor do their scans, though MSE did say it was quarantining the Alueron item. It really hasn't made a difference.

I am getting the "winrscmde stopped working and was closed" message incessantly. I have also gottent the same message with other programs that are running or have recently run.

Any guidance regarding actions to remove this seemingly deeply embedded item from my computer would be greatly appreciated. Also as you will see below, there is alot of junk on my computer from games that my partner had downloaded and I thought I had removed much of the excess stuff on here, but that is seemingly also still there.

I have run OTL by OldTimer and here is a copy of that log file:

OTL logfile created on: 8/25/2012 3:52:28 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Office\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.17% Memory free
8.15 Gb Paging File | 6.19 Gb Available in Paging File | 75.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 255.38 Gb Free Space | 56.62% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.38 Gb Free Space | 50.38% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: OFFICE-PC | User Name: Office | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/25 15:51:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Office\Desktop\OTL.exe
PRC - [2012/08/18 12:28:31 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2009/03/16 17:37:52 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/03/16 17:37:40 | 001,622,488 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/01/27 16:21:32 | 002,143,232 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
PRC - [2009/01/27 16:18:12 | 000,425,472 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
PRC - [2009/01/27 16:05:46 | 000,315,392 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
PRC - [2009/01/27 16:03:54 | 000,520,192 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\TiVo\Desktop\TranscodingService.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/13 01:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll
MOD - [2010/07/13 01:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll
MOD - [2010/07/13 01:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
MOD - [2010/07/13 01:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
MOD - [2010/07/13 01:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll
MOD - [2010/07/13 01:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
MOD - [2010/07/13 01:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll
MOD - [2010/07/13 01:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll
MOD - [2010/07/13 01:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll
MOD - [2010/07/13 01:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
MOD - [2010/07/13 01:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll
MOD - [2010/07/13 01:13:42 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll
MOD - [2010/07/13 01:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll
MOD - [2010/04/02 21:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll
MOD - [2010/04/02 20:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll
MOD - [2009/05/26 18:08:38 | 000,554,456 | ---- | M] () -- C:\Users\Office\AppData\LocalLow\comcasttb\comcasttb.dll
MOD - [2009/04/09 15:49:28 | 000,091,608 | ---- | M] () -- C:\Program Files (x86)\comcasttb\comcastdx.dll
MOD - [2009/03/16 17:37:40 | 001,622,488 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/01/27 16:07:12 | 000,259,584 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\Id3Lib.dll
MOD - [2008/12/22 14:54:24 | 000,425,984 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\libmatroska.dll
MOD - [2008/12/22 13:49:50 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\libebml.dll
MOD - [2008/12/22 13:43:04 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\LibEay32.dll
MOD - [2008/12/22 13:43:04 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\SslEay32.dll
MOD - [2008/12/22 13:41:48 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\loudmouth.dll
MOD - [2003/01/30 06:04:00 | 000,618,496 | ---- | M] () -- C:\Program Files (x86)\TiVo\Desktop\StlpMt45.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/18 00:54:02 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/07/02 03:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/18 12:28:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/16 17:37:52 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/29 17:16:57 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 21:37:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/07/02 03:11:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/07/02 03:11:32 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/07/02 03:11:28 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/07/02 03:11:28 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/07/02 03:11:28 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/05 05:31:38 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/01 19:37:00 | 001,037,312 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WG111Tvx.sys -- (WG111T)
DRV:64bit: - [2006/11/28 22:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 22:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2012/08/22 20:56:30 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120824.034\ex64.sys -- (NAVEX15)
DRV - [2012/08/22 20:56:29 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120824.034\eng64.sys -- (NAVENG)
DRV - [2012/08/21 22:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120824.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/18 12:24:06 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 12:24:06 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120803.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2003/06/20 04:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbehci.sys -- (usbehci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{D7E1D52E-927D-4F77-9C44-60C5D3A58A0B}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GFRE_enUS317
IE - HKCU\..\SearchScopes\{7ECCE87F-E9EB-432A-A65B-A656BA35F4F7}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/09 04:23:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/08/25 15:49:45 | 000,000,000 | ---D | M]

[2011/07/30 10:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Office\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\TranscodingService.exe (TiVo Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chrco.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinn...rabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://webgames.d.tm...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://chill.comcast...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinn...luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab (SwapIt Control)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingb...SlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://webgames.d.tm...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://webgames.d.tm..._gold/shapo.cab (TikGames Online Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://chill.comcast...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C9B112E-BCF1-423F-BBDC-107196398026}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Office\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Office\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 15:51:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Office\Desktop\OTL.exe
[2012/08/25 15:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/25 15:22:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/25 15:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/25 15:16:08 | 000,000,000 | ---D | C] -- C:\Users\Office\AppData\Local\Apps
[2012/08/22 20:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/22 20:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/18 16:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012/08/18 16:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/08/18 14:31:14 | 000,000,000 | ---D | C] -- C:\Users\Office\AppData\Local\ElevatedDiagnostics
[2012/08/18 14:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/08/18 14:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/08/18 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\Office\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/10 15:49:48 | 000,141,240 | ---- | C] (RealNetworks, Inc.) -- C:\Users\Office\GoldMinerSE_AOLSetup-dm.exe

========== Files - Modified Within 30 Days ==========

[2012/08/25 15:55:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 15:55:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 15:52:56 | 000,606,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/25 15:52:56 | 000,105,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/25 15:52:55 | 000,706,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/25 15:51:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Office\Desktop\OTL.exe
[2012/08/25 15:46:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/25 15:46:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/25 15:46:15 | 4283,617,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/25 15:27:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/25 15:23:59 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/25 15:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/25 14:00:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/22 20:32:03 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/22 20:31:33 | 000,721,800 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/22 20:31:29 | 003,176,916 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Cat.DB
[2012/08/18 13:15:15 | 000,304,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/18 12:59:12 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/08/18 12:49:36 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/08/18 12:31:24 | 000,000,901 | ---- | M] () -- C:\Users\Office\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/10 19:31:41 | 000,064,000 | ---- | M] () -- C:\Users\Office\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/10 09:21:51 | 000,002,278 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk

========== Files Created - No Company Name ==========

[2012/08/25 15:23:59 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/22 20:32:03 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/22 20:31:55 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/22 20:31:33 | 000,721,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/18 16:34:44 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/08/18 12:54:17 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk
[2012/08/18 12:49:36 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/04/19 07:41:07 | 000,000,236 | ---- | C] () -- C:\Users\Office\AppData\Roaming\wklnhst.dat
[2011/08/04 13:58:03 | 000,060,304 | ---- | C] () -- C:\Users\Office\g2mdlhlpx.exe
[2011/06/18 19:25:43 | 000,000,000 | ---- | C] () -- C:\Users\Office\AppData\Local\{0956C008-0A42-427C-AC87-42F4AF8CB129}
[2011/05/18 16:51:56 | 000,001,940 | ---- | C] () -- C:\Users\Office\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/03/19 17:05:28 | 000,000,680 | ---- | C] () -- C:\Users\Office\AppData\Local\d3d9caps.dat
[2009/03/08 15:22:18 | 000,064,000 | ---- | C] () -- C:\Users\Office\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/03/24 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\CallingID
[2012/08/18 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/14 16:44:14 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\DreamDale
[2011/10/20 12:08:20 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\FlixsterCollections
[2009/08/01 13:39:48 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\Fuel Industries
[2010/07/24 13:53:53 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\funkitron
[2010/05/22 10:01:43 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\GameHouse
[2009/07/18 13:57:07 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\GOL_byHasbro
[2011/04/06 22:55:10 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\ImTOO
[2011/07/30 11:03:57 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\Ludia
[2009/06/14 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\MagicBall4
[2009/03/09 00:41:47 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\Masque
[2009/03/30 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\MusicNet
[2010/07/24 13:56:51 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\Namco
[2009/03/15 13:58:09 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\Oberon Media
[2009/04/23 15:22:46 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\Sling Media
[2011/07/05 14:55:24 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\Temp
[2012/04/19 07:41:10 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\Template
[2012/04/23 11:18:30 | 000,000,000 | ---D | M] -- C:\Users\Office\AppData\Roaming\Tific
[2012/08/25 15:44:12 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:02C1CB6D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:981884E7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C8E8B258
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A833FADB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:89C6F032
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E35A81F4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:090FB735

< End of report >


Thank you so much for helping with my computer issue.
~TimBob
  • 0

Advertisements

#2
WhiteHat
Posted 25 August 2012 - 02:13 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello Timbob610 and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.


  • 0

#3
WhiteHat
Posted 25 August 2012 - 02:23 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

g. Currently my computer has both Norton as well as Microsoft Security Essentials "protecting" it

You have two antivirus installed on your computer (Norton and Microsoft Security Essentials). Please uninstall one of them because have both installed brings no benefit for computer security. Besides, They can compete with each other for system resources. More than one AV running has been known to produce false positives, and you end up with less protection.

Please, go to Start > Control Panel > and click in Add or Remove Programs. The remove these softwares below:
  • Microsoft Security Essentials or Norton

NEXT

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#4
Timbob610
Posted 25 August 2012 - 02:39 PM

Timbob610

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Very well,
Thanks for the promptness of your replies.
I have uninstalled Norton and restarted the computer.
"winrscmde stopped working..." popped up immediately.
Every time i close it, it pops up again within seconds.

I did as asked and that scan only took seconds. Below is the log file:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 16:34:54
-----------------------------
16:34:54.239 OS Version: Windows x64 6.0.6002 Service Pack 2
16:34:54.239 Number of processors: 2 586 0x1706
16:34:54.240 ComputerName: OFFICE-PC UserName: Office
16:35:06.264 Initialize success
16:35:29.403 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:35:29.404 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
16:35:29.406 Device \Driver\atapi -> MajorFunction fffffa80062135c4
16:35:29.459 Disk 0 MBR read successfully
16:35:29.461 Disk 0 MBR scan
16:35:29.463 Disk 0 TDL4@MBR code has been found
16:35:29.465 Disk 0 Windows VISTA default MBR code found via API
16:35:29.468 Disk 0 MBR hidden
16:35:29.506 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:35:29.557 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
16:35:29.624 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
16:35:29.627 Disk 0 MBR [TDL4] **ROOTKIT**
16:35:29.631 Disk 0 trace - called modules:
16:35:29.637 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80062135c4]<<hal.dll
16:35:29.642 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b45790]
16:35:29.645 3 CLASSPNP.SYS[fffffa6000bd3c33] -> nt!IofCallDriver -> [0xfffffa800488c520]
16:35:29.650 5 acpi.sys[fffffa60008f8fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048884b0]
16:35:29.654 \Driver\atapi[0xfffffa80060bbdf0] -> IRP_MJ_CREATE -> 0xfffffa80062135c4
16:35:29.658 Scan finished successfully
16:36:03.356 Disk 0 MBR has been saved successfully to "C:\Users\Office\Desktop\MBR.dat"
16:36:03.379 The log file has been saved successfully to "C:\Users\Office\Desktop\aswMBR.txt"
  • 0

#5
WhiteHat
Posted 27 August 2012 - 12:19 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for delay.

For x64 bit systems please download Listparts64
Run the tool, check the box List BCD, click Scan and post the log (Result.txt) it makes.
  • 0

#6
Timbob610
Posted 27 August 2012 - 06:09 PM

Timbob610

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
istParts by Farbar Version: 10-08-2012
Ran by Office (administrator) on 27-08-2012 at 20:06:44
Windows Vista (X64)
Running From: C:\Users\Office\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 44%
Total physical RAM: 4084.27 MB
Available physical RAM: 2261.28 MB
Total Pagefile: 8341.82 MB
Available Pagefile: 6355.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:255.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.38 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 15 GB 40 MB
Partition 3 Primary 451 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 15 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy System (partition with boot components)

======================================================================================================
==========================================================
TDL4: custom:26000022


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {5460d9d1-d391-11dc-9d9f-aba67a8797c5}
resumeobject {5460d9d2-d391-11dc-9d9f-aba67a8797c5}
displayorder {5460d9d1-d391-11dc-9d9f-aba67a8797c5}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {5460d9d1-d391-11dc-9d9f-aba67a8797c5}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {5460d9d2-d391-11dc-9d9f-aba67a8797c5}
nx OptIn

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device partition=D:
path \Windows\System32\boot\winload.exe
description Windows Recovery Environment
osdevice partition=D:
systemroot \Windows
nx OptIn
detecthal Yes
winpe Yes

Resume from Hibernate
---------------------
identifier {5460d9d2-d391-11dc-9d9f-aba67a8797c5}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
custom:26000022 Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
  • 0

#7
WhiteHat
Posted 28 August 2012 - 02:17 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
That's our problem.

TDL4: custom:26000022


Do you have the Windows Vista DVD?

I need to know if you have the Recovery Console in your computer. To see this, follow these steps:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • See if the option Repair your computer exist:
    Posted Image

  • 0

#8
Timbob610
Posted 29 August 2012 - 09:00 AM

Timbob610

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Good Morning,
It does appear that I have the Operating System Reinstallation DVD for Windows Vista Home Premium 64BIT SP1. It came with the computer. Also the Repair your Computer option does show up on that screen following my tapping of F8 upon restart.

Thanks again~
TimBob
  • 0

#9
WhiteHat
Posted 29 August 2012 - 12:18 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP