PUP.facethemes Issue [Solved]


  • This topic is locked

#16
Warden

  • Topic Starter
  • Member
  • 162 posts
Thanks godawgs. I am having an issue updating the anti-virus software at this point. I may need to delete it and install a new one. I will get that done this morning. Here is the first OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Presenter
->Temp folder emptied: 628006 bytes
->Temporary Internet Files folder emptied: 11277952 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 152662872 bytes
->Apple Safari cache emptied: 1463296 bytes
->Flash cache emptied: 506 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 158.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01242013_103341

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_4c8.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


And the 2nd


OTL logfile created on: 1/24/2013 10:41:15 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Presenter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.64% Memory free
4.84 Gb Paging File | 4.05 Gb Available in Paging File | 83.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 187.34 Gb Free Space | 62.85% Space Free | Partition Type: NTFS

Computer Name: TS8730WIMAGE | User Name: Presenter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/22 09:33:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/04 16:21:22 | 000,404,712 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/10/12 16:00:00 | 000,685,496 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2012/03/26 02:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/11 18:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/02/02 09:46:40 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/02 07:18:25 | 002,058,776 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/02 07:18:24 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/05/26 21:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2009/05/26 21:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 05:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 05:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 05:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/12/06 07:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\ntmulti.exe
PRC - [2008/12/06 07:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files\Lotus\Notes\nsd.exe
PRC - [2008/10/14 15:10:32 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/08/08 06:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/06/12 11:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/12 13:55:10 | 001,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/05/12 13:55:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/06/06 12:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 12:24:22 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/06/06 12:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 12:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 15:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/13 10:09:47 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll
MOD - [2013/01/13 10:08:51 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c8aa45e46a5a90e65984b1a2591c0ca7\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/13 10:08:30 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/13 10:06:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/13 10:06:17 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013/01/13 10:06:05 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/13 10:05:05 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/13 10:05:00 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/13 09:56:44 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2011/05/06 12:07:00 | 004,317,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2011/05/06 12:02:52 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/10/26 07:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/25 23:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/25 23:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/25 23:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 08:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2010/02/17 18:25:12 | 000,132,096 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2009/02/27 05:51:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/05/12 13:51:50 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/05/12 13:49:02 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/04/14 07:00:00 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll
MOD - [2008/04/14 07:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE


========== Services (SafeList) ==========

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/02 07:18:25 | 002,058,776 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/02 07:18:24 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/27 05:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009/02/27 05:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/12/06 07:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 07:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/08/08 06:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/06/12 11:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/06 12:24:22 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 12:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 12:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/03/28 17:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/12/03 12:01:06 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121203.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/12/03 12:01:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/12/03 12:01:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/03 12:01:06 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121203.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/11/15 23:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2009/12/18 11:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 11:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 11:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 11:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 11:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/12/17 17:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/12/02 12:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/07/02 09:12:45 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/02 07:21:36 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/07/02 07:21:36 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/07/02 07:21:36 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/07/02 07:18:38 | 004,202,496 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009/07/02 07:18:25 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/02 07:17:38 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2009/07/02 07:16:16 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/03/31 11:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/03/27 04:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2009/03/19 10:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/05 22:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 14:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/29 14:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/06/12 13:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/23 12:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 12:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/28 17:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/03/28 17:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/01/10 15:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/12/20 00:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = Comcast
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2010/07/11 20:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\
CHR - Extension: No name found = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/23 12:04:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bitdefender.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A0A3EEB-CB54-425B-9A65-6F512B4E88CC}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (VPNGina.dll) - C:\WINDOWS\System32\vpngina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 14:36:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/24 10:34:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/23 13:51:16 | 000,350,915 | ---- | C] (Farbar) -- C:\Documents and Settings\Presenter\Desktop\FSS.exe
[2013/01/23 13:29:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/23 12:12:15 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Presenter\Desktop\tdsskiller.exe
[2013/01/23 11:53:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/23 11:53:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/23 11:53:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/23 11:53:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/23 11:51:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/23 11:51:15 | 005,026,296 | R--- | C] (Swearware) -- C:\Documents and Settings\Presenter\Desktop\ComboFix.exe
[2013/01/23 11:17:16 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Presenter\Desktop\tdsskiller
[2013/01/23 11:00:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/22 20:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2013/01/22 20:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\EMET
[2013/01/22 09:32:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2013/01/18 09:36:24 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/18 09:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/18 09:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2013/01/17 23:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Start Menu\Programs\System Progressive Protection
[2013/01/17 23:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\D0B43B0D7D5E52B60000D0B36A6159FD

========== Files - Modified Within 30 Days ==========

[2013/01/24 10:43:34 | 000,523,910 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/24 10:43:34 | 000,095,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/24 10:39:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/24 10:38:52 | 000,035,285 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/24 10:36:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/24 10:28:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
[2013/01/23 20:32:37 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/23 20:32:37 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
[2013/01/23 20:28:01 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
[2013/01/23 13:52:53 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\SecurityCheck.exe
[2013/01/23 13:51:27 | 000,350,915 | ---- | M] (Farbar) -- C:\Documents and Settings\Presenter\Desktop\FSS.exe
[2013/01/23 12:15:03 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Presenter\Desktop\tdsskiller.exe
[2013/01/23 12:04:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/23 11:17:16 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Presenter\Desktop\tdsskiller
[2013/01/23 11:09:59 | 005,026,296 | R--- | M] (Swearware) -- C:\Documents and Settings\Presenter\Desktop\ComboFix.exe
[2013/01/22 20:09:56 | 006,325,248 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\EMET Setup.msi
[2013/01/22 09:33:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2013/01/18 20:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/18 09:36:24 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/13 10:15:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 10:00:03 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/13 09:40:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 08:12:13 | 000,047,685 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\IMG952187.jpg
[2013/01/02 12:50:36 | 000,148,202 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\xfer.pdf

========== Files Created - No Company Name ==========

[2013/01/23 13:52:47 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\SecurityCheck.exe
[2013/01/23 11:53:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/23 11:53:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/23 11:53:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/23 11:53:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/23 11:53:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/22 20:09:51 | 006,325,248 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\EMET Setup.msi
[2013/01/06 08:12:11 | 000,047,685 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\IMG952187.jpg
[2013/01/02 12:50:36 | 000,148,202 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\xfer.pdf
[2012/02/15 20:52:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/21 22:51:57 | 000,038,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/28 15:05:15 | 000,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2011/01/28 15:05:15 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2009/10/08 09:26:41 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Presenter\JavaConnect.ini
[2009/08/12 06:32:23 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 10:43:17 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Presenter\NTUSER.bak

========== ZeroAccess Check ==========

[2009/07/02 08:45:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 00:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/14 23:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/05 10:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/06/01 08:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2012/11/10 19:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2012/01/16 14:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/02/12 10:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2013/01/18 06:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D0B43B0D7D5E52B60000D0B36A6159FD
[2011/06/01 08:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2013/01/18 09:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/13 10:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/01/27 11:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
[2012/04/02 22:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/02/20 07:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2010/08/04 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2012/11/03 16:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/31 20:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/29 22:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/16 21:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Bytemobile
[2012/01/16 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\CheckPoint
[2012/01/21 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\ElevatedDiagnostics
[2011/06/01 08:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Flip Video
[2010/06/14 11:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\InterVideo
[2012/04/02 22:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Research In Motion
[2010/02/16 21:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Sierra Wireless
[2010/01/27 13:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Desktop Search
[2010/01/30 23:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Search
[2010/07/14 21:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\WinPatrol
[2009/10/08 08:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Xerox

========== Purity Check ==========



< End of report >


I created a sys restore point as instructed and then turned it off, rebooted and turned it back on. Hopefully things are looking good now. Thanks again, you are an excellent human being.
  • 0


#17
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

If you are going to install a different AntiVirus, and I would recommend that, as Symantec (Norton) takes up a lot of space and hogs system resources (memory), I suggest you take a look at our Free Antivirus and Antispyware page.
The first three AVs under the Free Antivirus Software heading are excellent. But none of them include a firewall so you will need to turn the Windows Firewall on or scroll down to the Free Firewalls section and download one of those.

You will need to uninstall the Symantec AV and firewall before installing the new programs.
  • 0

#18
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
To uninstall I just go to add/remove and take out symantec, correct? Then I can cleanly install a new program from the section you suggested.
  • 0

#19
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yep. Uninstall everything Symantec or Norton. Then turn the Windows firewall on and download the AV program you want to install. Then install the new AV. If it complains about installing, let me know and we will use the removal tool for Norton.

Then if you decide to download one of the firewalls, download it then turn the windows firewall off before installing it.
  • 0

#20
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Godawgs, I have uninstalled symantec and installed windows security center. Ran a scan and things look good. Also have the firewall enabled. Hopefully this takes care of the issue. Can't thank you enough for your efforts in assisting me. I believe I may need to remove some of the tools we have used during this process, correct?
  • 0

#21
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I believe I may need to remove some of the tools we have used during this process, correct?

We will do that now.

OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

ESET

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2.

Uninstall ComboFix
  • Click Start, then click Run. This will display the Run dialog box.
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled
Step-3.

OTL Cleanup

Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-4.

Delete the following Files and Folders (If Present):

From the desktop:

SecurityCheck.exe
checkup.txt


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-5.

Reset Hidden Files and Folders

1. Click Start.
2. Open My Computer.
4. Select the Tools menu and click Folder Options.
5. Select the View tab.
6. Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
7. Click the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

Step-6.

Re-enable SuperAntiSpyware if you still want it to provide real-time protection.

Follow the steps in post #4 and re-check the boxes you cleared when you disabled the program.

Something for your information. I noticed that you have HitMan Pro on the system. I would recommend that you uninstall it. I have seen many posts where HitMan and HitMan Pro have left a system unbootable after using it. Just food for thought. :)



Preventing Re-Infection-- Please pay special attention to the WARNING at the Keep Java Updated section.


Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:- Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

XP Users: You must use Internet Explorer to Update Windows.

1. Click Start> All Programs, in the programs window that comes up, look for Windows Update toward the top of the list and click it.

:Turn On Automatic Updates:

XP Users:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :

  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files, you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK. Close the program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

:Install the MVPs Hosts File:
  • MVPS Hosts file - replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes - Free Version - a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition - another scanning tool to find and eliminate malware.
  • SpywareBlaster - to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard - to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.

It's a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer - A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP - Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.

:BACKUPS:
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT - (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 0
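
Added example, not part of godawgs's post and not code from the MVPS project: the HOSTS-file blocking described above works by mapping a name to 127.0.0.1, but the same file can also carry entries that point a name at some other address, and those deserve a look. This Python sketch parses HOSTS-format text and separates the two cases; the sample content, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from any real machine).
SAMPLE_HOSTS = """\
# MVPS-style blocking entries
127.0.0.1  localhost
127.0.0.1  ads.example.net
0.0.0.0    tracker.example.org   # inline comment
# entry below points a hostname at a routable address
203.0.113.50  update.example.com www.update.example.com
not-an-ip  broken.example
::1        localhost
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines whose first field is not an IP address
        yield line_no, addr, [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Split entries into blocked names and names redirected elsewhere."""
    blocked, redirected = set(), {}
    for line_no, addr, names in parse_hosts(text):
        # Loopback (127.x, ::1) or 0.0.0.0 means the name goes nowhere.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name == "localhost":
                continue
            if sinkhole:
                blocked.add(name)
            else:
                redirected[name] = (str(addr), line_no)
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    for name, (addr, line_no) in sorted(redirected.items()):
        print(f"review line {line_no}: {name} -> {addr}")
```

On Windows the file normally lives at %SystemRoot%\System32\drivers\etc\hosts; read it and pass its text to audit_hosts.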

#22
Warden

    Member

  • Topic Starter
  • Member
  • 162 posts
Godawgs, you are the best. Thanks so much for all of your assistance. I will take more precaution while online. I know I need to be more vigilant and will be sure to adhere to your suggestions. I can't thank you enough for all of your help. I wish you the best in your future endeavors.
  • 0

#23
Warden

    Member

  • Topic Starter
  • Member
  • 162 posts
Godawgs, I do have one more question. I have been unable to download and install a Windows update:

"MS13-004: Description of the security update for the .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003 x64 Edition, Windows Server 2003 for Itanium Systems, Windows Vista, and Windows Server 2008: January 8, 2013"

This update has been showing up in the system tray and when I try to download it, it is unsuccessful. Not sure if it is related to the above issues or if there is an easy way to get rid of it or fix it. Thanks again and have a nice weekend.
  • 0

#24
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Is this KB2742597? What error message are you getting? Have you installed any other updates since this one failed?
  • 0

#25
Warden

    Member

  • Topic Starter
  • Member
  • 162 posts
KB2742597 is correct. Installed KB2310138 (Definition 1.143.838.0) and KB2799329 since I have been unable to install the other one.

It just says some updates were not installed and then

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)

Error Code: 0x643
  • 0

#26
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
This update, KB2742597, requires Windows Installer 3.1 or above. So that's where we want to start. Let's see what version you have:

Click Start, then click Run
In the Open box type msiexec -? and press the Enter key.
A Windows Installer window will pop up showing the version of Windows Installer on the system. Let me know what version you have.
  • 0

#27
Warden

    Member

  • Topic Starter
  • Member
  • 162 posts
V 3.01.4001.5512
  • 0

#28
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yep, it appears that the Windows Installer version on your system is only 3.01. Let's update it to the latest version. This will put version 4.5 on the system.

Step-1.

  • Please go to the Microsoft page here
  • Make sure that the language shows as English. If it doesn't, click the down arrow and change it to English.
  • Under the File name section, find the file named WindowsXP-KB942288-v3-x86.exe. It will be 3.2MB in size. (It should be the last file in the list)
    • Make sure you download this file. The other files are for different operating systems
  • Click the Download button next to it and Save the file to the Desktop
  • Close the browser and all other open windows.
  • Double click the WindowsXP-KB942288-v3-x86.exe file to run the program and update the Windows Installer.
  • After the installation has finished, reboot the computer.

Step-2.

Go back to the Windows Update site and see if the Update will install now.

Let me know what happened.
  • 0

#29
Warden

    Member

  • Topic Starter
  • Member
  • 162 posts
I followed the steps and still no joy.

New version is Windows ® Installer. V 4.5.6001.22159

Installation Failure

Error Code: 0x643

This is what I am trying to install.

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)
  • 0

#30
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OK. Let's try to install it using the standalone installer.

  • Please download the KB2742597 update here
  • Make sure the Language is correct and click the Download button. Save the file to the desktop.
  • Close the browser and all open windows.
  • Double click the NDP1.1sp1-KB2742597-X86.exe file to install the update.
If the installation was successful, reboot the computer.

If you get errors similar to the ones in the following image:

Posted Image

Take a screen shot and post it in your next reply.
  • 0





