high iexplorer memory usage [Solved]



#1
mblakes

Hi,

Within the last week or so I've noticed my computer has been running slow. I have Norton 360 and it's found nothing. I've freed up space on the hard drive but that didn't help either. If I unplug the internet cord, then my computer runs OK, but with internet it runs slow and sometimes freezes. I've noticed when I reboot it and I have the internet plugged in, then the computer usually freezes, but if I let it boot up then plug it in, I can slowly use the internet. My task manager has my iexplorer.exe at over 300,000k and I'm constantly getting the "high memory usage" report for iexplorer.

Please help me and thank you for your time.



Here is my log from the otl:

OTL logfile created on: 9/18/2013 9:13:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\casey \Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 34.66% Memory free
4.69 Gb Paging File | 3.55 Gb Available in Paging File | 75.71% Paging File free
Paging file location(s): C:\pagefile.sys 2973 8185 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.79 Gb Total Space | 72.52 Gb Free Space | 49.74% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 68.97 Gb Free Space | 24.68% Space Free | Partition Type: NTFS

Computer Name: WINXP_HOME | User Name: casey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/18 21:13:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\casey \Desktop\OTL.exe
PRC - [2013/09/04 13:44:11 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/25 21:48:08 | 000,228,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2012/10/04 21:52:43 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/28 15:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/14 12:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 12:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 11:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/13 17:55:18 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/06/13 17:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2010/09/13 10:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 10:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/10/23 23:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/14 04:17:48 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/14 04:17:48 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/14 04:17:43 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/14 04:09:56 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\40ea80adb0fbe21bc953ac641f033a04\System.Web.Services.ni.dll
MOD - [2013/08/14 04:06:25 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/14 04:04:59 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2013/08/14 03:54:21 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
MOD - [2013/08/14 03:41:12 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\a10f361c888b8b98f7ad1fa8d7a51516\System.Data.ni.dll
MOD - [2013/08/14 03:39:34 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/08/14 03:38:38 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 03:37:58 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\608aa2db27d45e63a4863f1f1d06897a\System.Core.ni.dll
MOD - [2013/08/14 03:37:33 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/14 03:24:57 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/14 03:24:05 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a12a09aaa2c560a808dea7eaba5040c1\System.Windows.Forms.ni.dll
MOD - [2013/08/14 03:23:13 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/14 03:16:52 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/10 03:55:52 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b1560845b641faac0ca607b2dce8389a\Microsoft.VisualC.ni.dll
MOD - [2013/07/10 03:48:32 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 03:48:23 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/10 03:39:07 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2010/09/13 10:48:20 | 000,097,384 | R--- | M] () -- C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
MOD - [2006/08/23 14:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2003/05/15 01:03:46 | 000,147,456 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/04 13:44:11 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/06/14 12:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 12:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/06/13 17:55:18 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2010/09/13 10:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/03 17:26:28 | 001,097,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/08/28 19:09:50 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130918.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/28 19:09:50 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130918.001\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/26 21:06:42 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/26 21:06:42 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys -- (EraserUtilDrv11311)
DRV - [2013/08/20 17:51:32 | 000,380,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130918.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/06/17 17:15:06 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/23 00:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 00:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 00:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 19:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symtdi.sys -- (SYMTDI)
DRV - [2013/04/15 21:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/04 20:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/04 20:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/05/23 04:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/17 11:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope = {02813980-DE12-4485-A8B8-EE33A55F56F7}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {02813980-DE12-4485-A8B8-EE33A55F56F7}
IE - HKCU\..\SearchScopes\{02813980-DE12-4485-A8B8-EE33A55F56F7}: "URL" = http://search.condui...3714193816&UM=2
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\CASEYA~1\APPLIC~1\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/09/18 16:30:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/16 18:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/04 21:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/06/11 16:17:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/16 18:56:11 | 000,000,000 | ---D | M]

[2013/08/21 15:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\casey \Application Data\Mozilla\Extensions

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O4 - Startup: C:\Documents and Settings\casey \Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2F781383-BAA0-4ED1-8D9E-AF9F12139097} http://pro.myphotopi...s/Uploader8.cab (Uploader Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0466AE6C-C1A8-401E-8583-B25C3EC5BF17}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\casey \Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\casey \Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/11 15:56:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell - "" = AutoRun
O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell\AutoRun\command - "" = G:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{b784ce95-f1dc-11df-ba03-001372377827}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/18 21:12:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\casey \Desktop\OTL.exe
[2013/09/17 20:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey \Local Settings\Application Data\NPE
[2013/08/25 16:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey \My Documents\Sunday School 2013 calendar
[2013/08/23 17:20:04 | 001,037,120 | ---- | C] (Solid State Networks) -- C:\Documents and Settings\casey \My Documents\AdobeReaderSetup.exe
[2013/08/21 15:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
[2013/08/21 15:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey \Local Settings\Application Data\visi_coupon
[2013/08/21 15:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey \Local Settings\Application Data\FileTypeAssistant
[2013/08/21 15:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2013/08/21 15:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey \Application Data\Mozilla
[2013/08/21 14:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey \Application Data\GoforFiles
[2013/08/20 09:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey \Application Data\RealNetworks
[2013/03/28 20:14:58 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Documents and Settings\casey \Local Settings\Application Data\BcsKtYcHW.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/18 21:13:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\casey \Desktop\OTL.exe
[2013/09/18 19:41:54 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_casey .job
[2013/09/18 16:31:07 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1482476501-725345543-1004.job
[2013/09/18 16:30:33 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/09/18 16:30:29 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_casey .job
[2013/09/18 16:30:29 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/09/18 16:30:29 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\FinalTorrent Update Checker.job
[2013/09/18 16:30:29 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\GoforFilesUpdate.job
[2013/09/18 16:30:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/18 15:43:39 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1482476501-725345543-1004.job
[2013/09/17 21:58:31 | 000,000,304 | RHS- | M] () -- C:\boot.ini
[2013/09/17 19:31:19 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_casey .job
[2013/09/17 15:07:15 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2013/09/17 14:27:38 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\casey \Desktop\Microsoft Word 2010 (2).lnk
[2013/09/17 14:20:55 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/14 11:26:25 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\casey \Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/14 11:23:14 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\casey \My Documents\Shortcut to My Music.lnk
[2013/09/13 03:40:12 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/13 03:21:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/09 17:36:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/08 16:04:01 | 000,003,848 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI
[2013/08/28 15:23:28 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\casey \Desktop\Continue Adobe AIR Free Download Installation.lnk
[2013/08/23 17:31:26 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/08/23 17:20:04 | 001,037,120 | ---- | M] (Solid State Networks) -- C:\Documents and Settings\casey \My Documents\AdobeReaderSetup.exe
[2013/08/23 17:18:52 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\casey \Desktop\Continue Adobe Reader Free Download Installation.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/14 11:23:16 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\casey \My Documents\Shortcut to My Music.lnk
[2013/09/04 02:09:01 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_casey .job
[2013/09/04 02:09:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_casey .job
[2013/09/04 02:09:00 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_casey .job
[2013/08/28 15:23:28 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\casey \Desktop\Continue Adobe AIR Free Download Installation.lnk
[2013/08/24 10:27:11 | 000,169,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/08/23 17:31:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/08/23 17:31:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/08/23 17:18:51 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\casey \Desktop\Continue Adobe Reader Free Download Installation.lnk
[2013/08/21 15:05:46 | 000,000,468 | ---- | C] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2013/08/21 15:05:44 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/08/21 15:05:11 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\FinalTorrent Update Checker.job
[2013/08/21 14:23:30 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\GoforFilesUpdate.job
[2013/03/28 20:14:55 | 000,893,239 | ---- | C] () -- C:\Documents and Settings\casey \Local Settings\Application Data\a.zip
[2013/02/11 20:33:12 | 000,287,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-1482476501-725345543-1004-0.dat
[2013/02/11 20:33:09 | 000,287,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/17 10:28:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/12 14:17:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\casey \Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/26 10:16:06 | 000,004,250 | ---- | C] () -- C:\Documents and Settings\casey \Application Data\wklnhst.dat
[2010/11/19 22:27:29 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\casey \Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/02/15 07:50:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/20 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2013/08/12 13:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azwsoft
[2013/02/02 00:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2012/07/29 16:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/05/10 16:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2013/02/10 01:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/11/23 18:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\Amazon
[2013/08/03 15:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\calibre
[2011/04/11 11:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\Catalina Marketing Corp
[2013/03/28 20:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\Catalina – Print Savings
[2011/05/01 14:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\com.Shutterfly.ExpressUploader
[2013/07/19 16:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\eBookConverter
[2013/08/21 14:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\GoforFiles
[2013/06/26 21:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\JCP
[2013/06/30 13:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\mjusbsp
[2011/05/10 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\MyHeritage
[2013/01/28 15:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\MyPublisher
[2013/07/19 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\PriceGong
[2010/12/26 10:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\Template
[2013/09/08 16:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\The Complete Genealogy Reporter - FTB
[2011/09/27 11:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\casey \Application Data\Tific

========== Purity Check ==========



< End of report >

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello mblakes,

Welcome to Geekstogo.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. The 32-bit one will be the right version for your machine.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
mblakes

    New Member

  • Topic Starter
  • Member
  • 8 posts
thanks for the help

frst:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013
Ran by casey (administrator) on WINXP_HOME on 23-09-2013 14:55:58
Running from C:\Documents and Settings\casey \Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Western Digital) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\MSMSGS.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvsvc32.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\dumprep.exe
(Microsoft Corporation) C:\WINDOWS\System32\rsmsink.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-07-27] (SigmaTel, Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Family Tree Builder Update] - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [229376 2011-11-27] (MyHeritage)
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [296096 2012-10-04] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [WD Drive Unlocker] - C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM\...\Run: [WD Quick View] - C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\MSMSGS.EXE [1695232 2008-04-13] (Microsoft Corporation)
HKCU\...\Run: [cdloader] - C:\Documents and Settings\casey \Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
MountPoints2: {58e0626e-aad2-11e1-ba64-001372377827} - G:\KODAK_Camera_Setup_App.exe
MountPoints2: {b784ce95-f1dc-11df-ba03-001372377827} - G:\setupSNK.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\casey \Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - DefaultScope {02813980-DE12-4485-A8B8-EE33A55F56F7} URL =
SearchScopes: HKCU - DefaultScope {02813980-DE12-4485-A8B8-EE33A55F56F7} URL = http://search.condui...3714193816&UM=2
SearchScopes: HKCU - {02813980-DE12-4485-A8B8-EE33A55F56F7} URL = http://search.condui...3714193816&UM=2
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {2F781383-BAA0-4ED1-8D9E-AF9F12139097} http://pro.myphotopi...s/Uploader8.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

========================== Services (Whitelisted) =================

R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-06-13] (Western Digital)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 A3AB; C:\Windows\System32\DRIVERS\A3AB.sys [547744 2007-05-23] (D-Link Corporation)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx86.sys [1097816 2013-09-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-26] (Symantec Corporation)
R3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
R3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
R3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130921.001\IDSxpx86.sys [380832 2013-08-20] (Symantec Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130923.003\NAVENG.SYS [93272 2013-08-28] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130923.003\NAVEX15.SYS [1612376 2013-08-28] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1171464 2006-07-27] (SigmaTel, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDI.SYS [396760 2013-04-24] (Symantec Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-23 14:51 - 2013-09-23 14:51 - 00000000 ____D C:\FRST
2013-09-23 14:48 - 2013-09-23 14:49 - 01088367 _____ (Farbar) C:\Documents and Settings\casey \Desktop\FRST.exe
2013-09-18 22:54 - 2013-09-18 22:54 - 00077696 _____ C:\Documents and Settings\casey \My Documents\bookmark.htm
2013-09-18 21:18 - 2013-09-18 21:18 - 00075024 _____ C:\Documents and Settings\casey \Desktop\OTL.Txt
2013-09-18 21:18 - 2013-09-18 21:18 - 00054506 _____ C:\Documents and Settings\casey \Desktop\Extras.Txt
2013-09-18 21:12 - 2013-09-18 21:13 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\casey \Desktop\OTL.exe
2013-09-17 20:43 - 2013-09-17 21:58 - 00000000 ____D C:\Documents and Settings\casey \Local Settings\Application Data\NPE
2013-09-14 11:23 - 2013-09-14 11:23 - 00000379 _____ C:\Documents and Settings\casey \My Documents\Shortcut to My Music.lnk
2013-09-13 11:34 - 2013-09-13 11:34 - 00072280 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-09-13 11:28 - 2013-09-13 11:28 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-09-13 11:28 - 2013-09-13 11:28 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\FinalTorrent
2013-09-13 10:32 - 2013-09-13 16:41 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-09-13 10:32 - 2013-09-13 11:28 - 00000000 ____D C:\Documents and Settings\Administrator
2013-09-13 10:32 - 2013-09-13 10:32 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-09-13 10:32 - 2011-10-04 03:03 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-09-13 10:32 - 2010-11-12 10:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-09-13 10:32 - 2010-11-11 15:56 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2013-09-13 10:32 - 2010-11-11 15:56 - 00000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2013-09-13 10:32 - 2010-11-11 15:56 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2013-09-13 03:21 - 2013-09-13 03:21 - 00023151 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-13 03:16 - 2013-09-13 03:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-13 03:15 - 2013-09-13 03:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-13 03:15 - 2013-09-13 03:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-12 04:56 - 2013-09-13 03:16 - 00029199 _____ C:\WINDOWS\KB2876315.log
2013-09-12 04:56 - 2013-09-13 03:15 - 00028234 _____ C:\WINDOWS\KB2864063.log
2013-09-12 04:56 - 2013-09-13 03:15 - 00028228 _____ C:\WINDOWS\KB2876217.log
2013-09-04 13:44 - 2013-09-04 13:44 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-04 13:44 - 2013-09-04 13:44 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-04 13:44 - 2013-09-04 13:44 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-04 13:44 - 2013-09-04 13:44 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-04 02:09 - 2013-09-22 21:48 - 00000448 _____ C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_casey .job
2013-09-04 02:09 - 2013-09-22 18:32 - 00000442 _____ C:\WINDOWS\Tasks\ReclaimerUpdateFiles_casey .job
2013-09-04 02:09 - 2013-09-18 19:41 - 00000438 _____ C:\WINDOWS\Tasks\ReclaimerUpdateXML_casey .job
2013-08-28 15:23 - 2013-08-28 15:23 - 00000986 _____ C:\Documents and Settings\casey \Desktop\Continue Adobe AIR Free Download Installation.lnk
2013-08-28 03:00 - 2013-08-28 03:00 - 00010647 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-28 03:00 - 2013-08-28 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-25 16:11 - 2013-09-17 14:21 - 00000000 ____D C:\Documents and Settings\casey \My Documents\Sunday School 2013 calendar
2013-08-24 10:27 - 2013-08-24 10:27 - 00169680 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

==================== One Month Modified Files and Folders =======

2013-09-23 14:57 - 2013-02-10 03:37 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-09-23 14:51 - 2013-09-23 14:51 - 00000000 ____D C:\FRST
2013-09-23 14:49 - 2013-09-23 14:48 - 01088367 _____ (Farbar) C:\Documents and Settings\casey \Desktop\FRST.exe
2013-09-23 14:47 - 2010-11-11 19:34 - 01894564 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-22 22:10 - 2011-05-10 15:22 - 00003848 _____ C:\WINDOWS\MyHeritage.INI
2013-09-22 21:58 - 2010-11-11 15:55 - 00000000 ____D C:\WINDOWS\Registration
2013-09-22 21:48 - 2013-09-04 02:09 - 00000448 _____ C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_casey .job
2013-09-22 21:48 - 2013-08-21 15:05 - 00000412 _____ C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2013-09-22 21:48 - 2013-08-21 15:05 - 00000386 _____ C:\WINDOWS\Tasks\FinalTorrent Update Checker.job
2013-09-22 21:48 - 2013-08-21 14:23 - 00000282 _____ C:\WINDOWS\Tasks\GoforFilesUpdate.job
2013-09-22 21:48 - 2013-02-07 07:24 - 00000296 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1482476501-725345543-1004.job
2013-09-22 21:48 - 2012-04-03 14:32 - 00000304 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1482476501-725345543-1004.job
2013-09-22 21:48 - 2010-11-11 16:19 - 00081191 _____ C:\WINDOWS\system32\nvapps.xml
2013-09-22 21:48 - 2010-11-11 10:53 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-22 21:48 - 2010-11-11 10:53 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-22 21:47 - 2010-11-11 15:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-22 18:40 - 2011-07-19 17:09 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-09-22 18:40 - 2010-11-11 16:00 - 00032306 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-22 18:39 - 2010-11-11 16:02 - 00000178 ___SH C:\Documents and Settings\casey \ntuser.ini
2013-09-22 18:39 - 2010-11-11 16:02 - 00000000 ____D C:\Documents and Settings\casey
2013-09-22 18:37 - 2012-09-20 18:06 - 00034456 _____ C:\Documents and Settings\casey \My Documents\Address Book.xlsx
2013-09-22 18:32 - 2013-09-04 02:09 - 00000442 _____ C:\WINDOWS\Tasks\ReclaimerUpdateFiles_casey .job
2013-09-22 15:07 - 2013-08-21 15:07 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2013-09-22 15:07 - 2013-08-21 15:05 - 00000468 _____ C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2013-09-22 15:07 - 2013-08-21 15:05 - 00000000 ____D C:\Program Files\File Type Assistant
2013-09-22 13:32 - 2003-03-31 07:00 - 00013700 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-19 14:37 - 2013-08-19 14:39 - 00000000 ____D C:\Documents and Settings\casey \My Documents\Chris preschool 2013- 2014
2013-09-18 23:09 - 2011-07-19 00:34 - 00000110 _____ C:\WINDOWS\entpack.ini
2013-09-18 22:54 - 2013-09-18 22:54 - 00077696 _____ C:\Documents and Settings\casey \My Documents\bookmark.htm
2013-09-18 21:18 - 2013-09-18 21:18 - 00075024 _____ C:\Documents and Settings\casey \Desktop\OTL.Txt
2013-09-18 21:18 - 2013-09-18 21:18 - 00054506 _____ C:\Documents and Settings\casey \Desktop\Extras.Txt
2013-09-18 21:13 - 2013-09-18 21:12 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\casey \Desktop\OTL.exe
2013-09-18 19:41 - 2013-09-04 02:09 - 00000438 _____ C:\WINDOWS\Tasks\ReclaimerUpdateXML_casey .job
2013-09-18 18:30 - 2012-03-14 03:02 - 00184078 _____ C:\WINDOWS\setupapi.log
2013-09-18 18:30 - 2010-11-11 10:51 - 02672865 _____ C:\WINDOWS\FaxSetup.log
2013-09-18 18:30 - 2010-11-11 10:51 - 01305831 _____ C:\WINDOWS\ocgen.log
2013-09-18 18:30 - 2010-11-11 10:51 - 01028213 _____ C:\WINDOWS\tsoc.log
2013-09-18 18:30 - 2010-11-11 10:51 - 00683144 _____ C:\WINDOWS\comsetup.log
2013-09-18 18:30 - 2010-11-11 10:51 - 00424818 _____ C:\WINDOWS\iis6.log
2013-09-18 18:30 - 2010-11-11 10:51 - 00413989 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-18 18:30 - 2010-11-11 10:51 - 00134025 _____ C:\WINDOWS\msgsocm.log
2013-09-18 18:30 - 2010-11-11 10:51 - 00105418 _____ C:\WINDOWS\ocmsn.log
2013-09-18 18:30 - 2010-11-11 10:51 - 00001917 _____ C:\WINDOWS\imsins.log
2013-09-18 18:28 - 2013-07-19 16:00 - 00000000 ____D C:\Program Files\eBookConverter
2013-09-18 17:23 - 2010-11-11 10:50 - 00170474 _____ C:\WINDOWS\setupact.log
2013-09-17 21:58 - 2013-09-17 20:43 - 00000000 ____D C:\Documents and Settings\casey \Local Settings\Application Data\NPE
2013-09-17 21:58 - 2010-11-11 10:49 - 00000304 __RSH C:\boot.ini
2013-09-17 14:27 - 2011-07-19 17:15 - 00002501 _____ C:\Documents and Settings\casey \Desktop\Microsoft Word 2010 (2).lnk
2013-09-17 14:21 - 2013-08-25 16:11 - 00000000 ____D C:\Documents and Settings\casey \My Documents\Sunday School 2013 calendar
2013-09-16 14:30 - 2010-12-29 19:11 - 00000000 ____D C:\Documents and Settings\casey \My Documents\megan
2013-09-14 11:26 - 2010-11-19 22:27 - 00097792 _____ C:\Documents and Settings\casey \Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-14 11:23 - 2013-09-14 11:23 - 00000379 _____ C:\Documents and Settings\casey \My Documents\Shortcut to My Music.lnk
2013-09-14 11:19 - 2010-12-31 22:18 - 00000000 ____D C:\Documents and Settings\casey \My Documents\My Scans
2013-09-13 22:17 - 2011-01-25 00:55 - 00000000 ____D C:\Documents and Settings\casey \My Documents\My eBooks
2013-09-13 16:41 - 2013-09-13 10:32 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-09-13 11:44 - 2012-08-16 16:52 - 00000000 ____D C:\Documents and Settings\casey \.roescache
2013-09-13 11:34 - 2013-09-13 11:34 - 00072280 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-09-13 11:28 - 2013-09-13 11:28 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-09-13 11:28 - 2013-09-13 11:28 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\FinalTorrent
2013-09-13 11:28 - 2013-09-13 10:32 - 00000000 ____D C:\Documents and Settings\Administrator
2013-09-13 10:32 - 2013-09-13 10:32 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-09-13 03:40 - 2010-11-11 10:50 - 00278152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-13 03:21 - 2013-09-13 03:21 - 00023151 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-13 03:21 - 2011-07-19 17:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-09-13 03:21 - 2010-11-11 20:17 - 00307586 _____ C:\WINDOWS\updspapi.log
2013-09-13 03:21 - 2010-11-11 10:51 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-13 03:16 - 2013-09-13 03:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-13 03:16 - 2013-09-12 04:56 - 00029199 _____ C:\WINDOWS\KB2876315.log
2013-09-13 03:15 - 2013-09-13 03:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-13 03:15 - 2013-09-13 03:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-13 03:15 - 2013-09-12 04:56 - 00028234 _____ C:\WINDOWS\KB2864063.log
2013-09-13 03:15 - 2013-09-12 04:56 - 00028228 _____ C:\WINDOWS\KB2876217.log
2013-09-13 03:04 - 2013-08-14 03:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-13 03:01 - 2010-11-11 20:20 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-12 15:07 - 2013-08-21 15:05 - 00000000 ____D C:\Documents and Settings\casey \Local Settings\Application Data\FileTypeAssistant
2013-09-09 17:36 - 2012-10-04 22:11 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-08 16:03 - 2011-05-10 15:20 - 00000000 ____D C:\Documents and Settings\casey \Application Data\The Complete Genealogy Reporter - FTB
2013-09-04 13:45 - 2010-11-11 19:21 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-04 13:44 - 2013-09-04 13:44 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-04 13:44 - 2013-09-04 13:44 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-04 13:44 - 2013-09-04 13:44 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-04 13:44 - 2013-09-04 13:44 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-04 13:44 - 2013-04-22 15:45 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-04 13:44 - 2010-11-11 19:35 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-04 13:44 - 2010-11-11 19:35 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-09-03 14:20 - 2010-11-16 18:56 - 00000000 ____D C:\Documents and Settings\casey \Application Data\HpUpdate
2013-08-29 19:56 - 2013-06-08 15:17 - 00000000 ____D C:\Documents and Settings\casey \My Documents\tax 2013
2013-08-29 19:49 - 2011-05-10 15:21 - 00000000 ____D C:\Documents and Settings\casey \My Documents\MyHeritage
2013-08-29 11:24 - 2010-11-11 20:32 - 00034330 _____ C:\WINDOWS\wmsetup.log
2013-08-28 17:54 - 2011-01-25 00:36 - 00002327 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 6.0 Professional.lnk
2013-08-28 15:23 - 2013-08-28 15:23 - 00000986 _____ C:\Documents and Settings\casey \Desktop\Continue Adobe AIR Free Download Installation.lnk
2013-08-28 03:00 - 2013-08-28 03:00 - 00010647 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-28 03:00 - 2013-08-28 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-27 13:07 - 2010-11-16 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP
2013-08-26 17:20 - 2013-07-19 15:10 - 00000000 ____D C:\Documents and Settings\casey \My Documents\My Digital Editions
2013-08-24 10:29 - 2010-11-12 10:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-08-24 10:27 - 2013-08-24 10:27 - 00169680 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-08-24 09:45 - 2010-11-12 10:08 - 00000000 ____D C:\Documents and Settings\casey \Application Data\Adobe

Some content of TEMP:
====================
C:\Documents and Settings\casey \Local Settings\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================






additional:



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-09-2013
Ran by casey at 2013-09-23 14:57:42
Running from C:\Documents and Settings\casey \Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Acrobat 6.0.1 Professional (Version: 006.000.001)
Adobe AIR (Version: 2.5.1.17730)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Amazon Kindle
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Amazon Unbox Video (Version: 2.1.0.126)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
AzwSoft - Adobe EPub DRM Removal (Version: 6.3.8)
AzwSoft Ebook Drm Removal (Version: 6.6.2)
BookSmart® 3.2.1 3.2.1
Broadcom 440x 10/100 Integrated Controller (Version: 8.06.09)
BufferChm (Version: 140.0.212.000)
calibre (Version: 0.9.40)
Catalina Savings Printer (Version: 1.0.0)
Copy (Version: 140.0.212.000)
Coupon Printer for Windows (Version: 5.0.0.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager (HKCU Version: 2.1.0.0)
Dell Resource CD (Version: 1.00.0000)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000)
F4400 (Version: 140.0.696.000)
File Type Assistant (Version: 2013.4.8.0)
GPBaseService2 (Version: 140.0.211.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 22 (Version: 6.0.220)
LeapFrog Connect (Version: 4.2.9.15649)
LeapFrog MyOwnLeaptop Plugin (Version: 4.2.9.15649)
magicJack (HKCU Version: 2.0.6073.4413)
MarketResearch (Version: 140.0.212.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyHeritage Family Tree Builder (Version: 5.1.0.5365)
myPhotopipe ROES
Norton 360 (Version: 20.4.0.40)
NVIDIA Drivers
PrtScr 1.5
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 14.0)
Shutterfly Express Uploader (Version: 1.0.0)
Shutterfly Express Uploader (Version: 1.0.0.4)
SigmaTel Audio (Version: 5.10.4820.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Status (Version: 140.0.212.000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (Version: )
WD Drive Utilities (Version: 1.0.1.5)
WD Security (Version: 1.0.1.5)
WD SmartWare (Version: 1.6.2.6)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 140.0.212.017)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

==================== Restore Points =========================

26-06-2013 05:02:31 System Checkpoint
27-06-2013 07:43:41 System Checkpoint
28-06-2013 07:49:11 System Checkpoint
29-06-2013 14:30:51 System Checkpoint
30-06-2013 15:15:36 System Checkpoint
01-07-2013 17:24:44 System Checkpoint
02-07-2013 19:47:45 System Checkpoint
03-07-2013 21:37:45 System Checkpoint
04-07-2013 21:44:37 System Checkpoint
05-07-2013 22:25:36 System Checkpoint
06-07-2013 22:32:37 System Checkpoint
08-07-2013 03:37:05 System Checkpoint
09-07-2013 08:29:57 System Checkpoint
10-07-2013 08:00:34 Software Distribution Service 3.0
11-07-2013 13:13:20 System Checkpoint
12-07-2013 16:28:37 System Checkpoint
14-07-2013 19:56:39 System Checkpoint
15-07-2013 20:10:26 System Checkpoint
17-07-2013 01:46:06 System Checkpoint
18-07-2013 02:44:02 System Checkpoint
19-07-2013 04:05:13 System Checkpoint
19-07-2013 20:27:10 Installed EPubsoft EPUB to Kindle Converter 3.1.6.
19-07-2013 21:02:26 Installed calibre
20-07-2013 22:58:33 System Checkpoint
22-07-2013 02:58:12 System Checkpoint
22-07-2013 15:13:34 Removed Java 7 Update 17
22-07-2013 20:47:25 Removed QuickShare
23-07-2013 21:17:02 System Checkpoint
24-07-2013 21:51:35 System Checkpoint
25-07-2013 22:51:17 System Checkpoint
26-07-2013 22:51:33 System Checkpoint
27-07-2013 23:33:56 System Checkpoint
29-07-2013 00:28:33 System Checkpoint
30-07-2013 01:02:38 System Checkpoint
31-07-2013 01:25:18 System Checkpoint
01-08-2013 02:53:39 System Checkpoint
02-08-2013 03:45:42 System Checkpoint
03-08-2013 04:06:42 System Checkpoint
03-08-2013 20:46:41 Installed AzwSoft - Adobe EPub DRM Removal.
05-08-2013 00:31:14 System Checkpoint
06-08-2013 07:11:18 System Checkpoint
08-08-2013 00:53:32 System Checkpoint
09-08-2013 05:40:12 System Checkpoint
11-08-2013 16:04:02 System Checkpoint
12-08-2013 18:54:55 Installed AzwSoft Ebook Drm Removal.
14-08-2013 08:01:40 Software Distribution Service 3.0
15-08-2013 15:53:39 System Checkpoint
19-08-2013 21:49:06 System Checkpoint
20-08-2013 23:07:06 System Checkpoint
21-08-2013 23:47:57 System Checkpoint
23-08-2013 02:07:57 System Checkpoint
24-08-2013 03:07:43 System Checkpoint
25-08-2013 03:33:02 System Checkpoint
26-08-2013 04:00:27 System Checkpoint
27-08-2013 05:12:57 System Checkpoint
28-08-2013 05:32:48 System Checkpoint
28-08-2013 08:00:15 Software Distribution Service 3.0
29-08-2013 09:22:24 System Checkpoint
03-09-2013 20:42:08 System Checkpoint
04-09-2013 18:43:20 Removed Java 7 Update 17
04-09-2013 18:43:56 Installed Java 7 Update 25
05-09-2013 23:10:05 System Checkpoint
07-09-2013 00:57:18 System Checkpoint
08-09-2013 01:37:32 System Checkpoint
09-09-2013 02:07:43 System Checkpoint
10-09-2013 03:31:35 System Checkpoint
11-09-2013 04:07:19 System Checkpoint
12-09-2013 14:37:29 System Checkpoint
13-09-2013 08:00:58 Software Distribution Service 3.0
14-09-2013 08:00:19 Software Distribution Service 3.0
14-09-2013 18:16:40 Software Distribution Service 3.0
15-09-2013 23:57:25 System Checkpoint
17-09-2013 20:01:41 System Checkpoint
18-09-2013 23:07:29 System Checkpoint
23-09-2013 04:43:29 System Checkpoint

==================== Hosts content: ==========================

2003-03-31 07:00 - 2003-03-31 07:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\FinalTorrent Update Checker.job => C:\Program Files\FinalTorrent\FTCheckForUpdates.exe
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job => C:\Program Files\File Type Assistant\TSASetup.exe
Task: C:\WINDOWS\Tasks\ProgramUpdateCheck.job => C:\Program Files\File Type Assistant\tsassist.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1482476501-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1482476501-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateFiles_casey .job => C:\Documents and Settings\casey \Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateXML_casey .job => C:\Documents and Settings\casey \Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_casey .job => C:\Documents and Settings\casey \Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2010-11-11 15:54 - 2008-04-13 19:12 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\System32\wbem\wbemcons.dll
2003-05-15 01:32 - 2003-05-15 01:32 - 00021099 _____ (Adobe Systems Incorporated.) C:\WINDOWS\system32\AdobePDF.dll
2010-11-16 18:57 - 2008-10-06 15:37 - 00315392 _____ (Hewlett-Packard Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpfpp083.dll
2011-02-17 03:01 - 2008-07-06 07:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2012-06-06 15:31 - 2012-06-06 15:31 - 02562560 _____ (Digia Plc) C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
2012-06-06 15:42 - 2012-06-06 15:42 - 08583680 _____ (Digia Plc) C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
2012-09-28 15:42 - 2012-09-28 15:42 - 00087432 _____ (LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\DeviceHooks\LeaptopDeviceHook.dll
2013-06-11 18:06 - 2013-05-28 12:52 - 01439056 ____R (SwapDrive, Inc.) C:\Program Files\Norton 360\Engine\20.4.0.40\BuEng.dll
2013-09-03 17:26 - 2013-09-03 17:26 - 02037688 _____ (Symantec Corporation) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHEngine.dll
2013-09-22 13:55 - 2013-08-20 17:51 - 00799136 _____ (Symantec Corporation) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130921.001\IDSxpx86.dll
2013-06-11 18:06 - 2012-08-16 20:05 - 00374232 ____R (GEAR-Software) C:\Program Files\Norton 360\Engine\20.4.0.40\gwrks32.dll
2013-06-11 18:06 - 2012-08-16 20:05 - 03914712 ____R (GEAR-Software) C:\Program Files\Norton 360\Engine\20.4.0.40\gearaw32.dll
2010-08-06 11:13 - 2010-08-06 11:13 - 00044032 _____ (Hewlett-Packard) c:\windows\system32\hpzinw12.dll
2010-11-11 16:18 - 2006-08-23 14:12 - 00196608 _____ () C:\WINDOWS\System32\nvapi.dll
2010-08-06 11:13 - 2010-08-06 11:13 - 00053760 _____ (Hewlett-Packard) c:\windows\system32\hpzipm12.dll
2012-06-14 11:58 - 2012-06-14 11:58 - 00967168 ____R (Robert Simpson, et al.) C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2010-09-13 10:48 - 2010-09-13 10:48 - 00138344 ____R (Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientDll.dll
2010-09-13 10:48 - 2010-09-13 10:48 - 00236648 ____R (Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientAppRoot.dll
2010-09-13 10:48 - 2010-09-13 10:48 - 00097384 ____R () C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2010-09-13 10:48 - 2010-09-13 10:48 - 00293992 ____R ( ) C:\Program Files\Amazon\Amazon Unbox Video\Interop.WMPLib.dll
2010-09-13 10:48 - 2010-09-13 10:48 - 00007784 ____R ( ) C:\Program Files\Amazon\Amazon Unbox Video\Interop.MSNETOBJLib.dll
2013-06-11 18:07 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2013 02:56:10 PM) (Source: Application Hang) (User: )
Description: Hanging application FRST.exe, version 3.3.8.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2013 02:55:43 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2013 02:55:23 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2013 02:55:14 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2013 02:54:41 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2013 02:54:12 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2013 02:54:00 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2013 02:52:34 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/19/2013 02:34:14 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/19/2013 02:33:54 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/23/2013 02:42:40 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (09/23/2013 02:39:08 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (09/23/2013 02:36:00 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (09/23/2013 02:34:01 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:


Microsoft Office Sessions:
=========================
Error: (09/23/2013 02:56:10 PM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.8.1hungapp0.0.0.000000000

Error: (09/23/2013 02:55:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/23/2013 02:55:23 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/23/2013 02:55:14 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/23/2013 02:54:41 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/23/2013 02:54:12 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/23/2013 02:54:00 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/23/2013 02:52:34 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/19/2013 02:34:14 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/19/2013 02:33:54 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 1982.42 MB
Available physical RAM: 1409.64 MB
Total Pagefile: 4801.79 MB
Available Pagefile: 4225.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:145.79 GB) (Free:72.5 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DISK3_VOL1) (Fixed) (Total:279.46 GB) (Free:68.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=3 GB) - (Type=DB)

========================================================
Disk: 1 (Size: 279 GB) (Disk ID: 19157A02)
Partition 1: (Not Active) - (Size=279 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello mblakes,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that:

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce a log for you. Post the log here.
So when you return, please post:
  • JRT.txt
  • OTL.txt


#5
mblakes

jrt


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Microsoft Windows XP x86
Ran by casey on Mon 09/23/2013 at 22:21:06.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\socialbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287802
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{02813980-DE12-4485-A8B8-EE33A55F56F7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\casey\Application Data\goforfiles"
Successfully deleted: [Folder] "C:\Documents and Settings\casey\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\casey\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\casey\Local Settings\Application Data\filetypeassistant"
Successfully deleted: [Folder] "C:\Documents and Settings\casey\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Documents and Settings\casey\Local Settings\Application Data\visualbeeexe"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\coupons"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/23/2013 at 22:26:25.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6
emeraldnzl

I take it that the OTL one is still coming. :)

#7
mblakes

just ran the otl

OTL logfile created on: 9/23/2013 10:29:32 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\casey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.84% Memory free
4.69 Gb Paging File | 4.07 Gb Available in Paging File | 86.86% Paging File free
Paging file location(s): C:\pagefile.sys 2973 8185 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.79 Gb Total Space | 72.34 Gb Free Space | 49.62% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 68.97 Gb Free Space | 24.68% Space Free | Partition Type: NTFS

Computer Name: WINXP_HOME | User Name: casey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/18 21:13:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\casey\Desktop\OTL.exe
PRC - [2013/09/04 13:44:11 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/25 21:48:08 | 000,228,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2012/10/04 21:52:43 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/28 15:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/14 12:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 12:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 11:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/13 17:55:18 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/06/13 17:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2010/09/13 10:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/10/23 23:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/03/31 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsmsink.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/14 04:17:48 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/14 04:17:48 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/14 04:17:43 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/14 04:09:56 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\40ea80adb0fbe21bc953ac641f033a04\System.Web.Services.ni.dll
MOD - [2013/08/14 04:06:25 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/14 04:04:59 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2013/08/14 03:54:21 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
MOD - [2013/08/14 03:41:12 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\a10f361c888b8b98f7ad1fa8d7a51516\System.Data.ni.dll
MOD - [2013/08/14 03:39:34 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/08/14 03:38:38 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 03:37:58 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\608aa2db27d45e63a4863f1f1d06897a\System.Core.ni.dll
MOD - [2013/08/14 03:37:33 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/14 03:24:57 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/14 03:23:13 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/14 03:16:52 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/10 03:55:52 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b1560845b641faac0ca607b2dce8389a\Microsoft.VisualC.ni.dll
MOD - [2013/07/10 03:48:32 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 03:48:23 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/10 03:39:07 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2010/09/13 10:48:20 | 000,097,384 | R--- | M] () -- C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
MOD - [2006/08/23 14:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/04 13:44:11 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/06/14 12:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 12:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/06/13 17:55:18 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2010/09/13 10:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/03 17:26:28 | 001,097,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/08/28 19:09:50 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130923.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/28 19:09:50 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130923.017\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/26 21:06:42 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/26 21:06:42 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/20 17:51:32 | 000,380,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130923.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/06/17 17:15:06 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/23 00:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 00:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 00:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 19:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symtdi.sys -- (SYMTDI)
DRV - [2013/04/15 21:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/04 20:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/04 20:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/05/23 04:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/17 11:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope = {02813980-DE12-4485-A8B8-EE33A55F56F7}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\CASEYA~1\APPLIC~1\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/09/22 21:48:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/16 18:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/04 21:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/06/11 16:17:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/16 18:56:11 | 000,000,000 | ---D | M]

[2013/08/21 15:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\casey\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O4 - Startup: C:\Documents and Settings\casey\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2F781383-BAA0-4ED1-8D9E-AF9F12139097} http://pro.myphotopi...s/Uploader8.cab (Uploader Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0466AE6C-C1A8-401E-8583-B25C3EC5BF17}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\casey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\casey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/11 15:56:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell - "" = AutoRun
O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell\AutoRun\command - "" = G:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{b784ce95-f1dc-11df-ba03-001372377827}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/23 22:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/23 22:20:40 | 001,030,038 | ---- | C] (Thisisu) -- C:\Documents and Settings\casey\Desktop\JRT.exe
[2013/09/23 15:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey\Desktop\trying to fix computer
[2013/09/23 14:51:21 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/23 14:48:17 | 001,088,367 | ---- | C] (Farbar) -- C:\Documents and Settings\casey\Desktop\FRST.exe
[2013/09/18 21:12:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\casey\Desktop\OTL.exe
[2013/09/17 20:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey\Local Settings\Application Data\NPE
[2013/09/04 13:44:55 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/09/04 13:44:48 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/09/04 13:44:48 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/09/04 13:44:48 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/25 16:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\casey\My Documents\Sunday School 2013 calendar
[2013/03/28 20:14:58 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Documents and Settings\casey\Local Settings\Application Data\BcsKtYcHW.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/23 22:20:47 | 001,030,038 | ---- | M] (Thisisu) -- C:\Documents and Settings\casey\Desktop\JRT.exe
[2013/09/23 22:19:25 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/09/23 21:51:42 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_casey.job
[2013/09/23 17:36:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/23 15:09:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\FinalTorrent Update Checker.job
[2013/09/23 15:07:03 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2013/09/23 15:00:36 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\casey\Desktop\Microsoft Word 2010 (2).lnk
[2013/09/23 14:49:11 | 001,088,367 | ---- | M] (Farbar) -- C:\Documents and Settings\casey\Desktop\FRST.exe
[2013/09/22 22:10:52 | 000,003,848 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI
[2013/09/22 21:48:47 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1482476501-725345543-1004.job
[2013/09/22 21:48:35 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1482476501-725345543-1004.job
[2013/09/22 21:48:02 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_casey.job
[2013/09/22 21:48:01 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/09/22 21:48:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\GoforFilesUpdate.job
[2013/09/22 21:47:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/22 18:32:11 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_casey.job
[2013/09/22 13:32:25 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/18 23:09:04 | 000,000,110 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2013/09/18 22:54:35 | 000,077,696 | ---- | M] () -- C:\Documents and Settings\casey\My Documents\bookmark.htm
[2013/09/18 21:13:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\casey\Desktop\OTL.exe
[2013/09/17 21:58:31 | 000,000,304 | RHS- | M] () -- C:\boot.ini
[2013/09/14 11:26:25 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\casey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/14 11:23:14 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\casey\My Documents\Shortcut to My Music.lnk
[2013/09/13 03:40:12 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/13 03:21:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/04 13:44:18 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/09/04 13:44:08 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/09/04 13:44:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/09/04 13:44:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/09/04 13:44:08 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/09/04 13:44:07 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/09/04 13:44:07 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/08/28 15:23:28 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\casey\Desktop\Continue Adobe AIR Free Download Installation.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 22:54:33 | 000,077,696 | ---- | C] () -- C:\Documents and Settings\casey\My Documents\bookmark.htm
[2013/09/14 11:23:16 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\casey\My Documents\Shortcut to My Music.lnk
[2013/09/04 02:09:01 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_casey.job
[2013/09/04 02:09:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_casey.job
[2013/09/04 02:09:00 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_casey.job
[2013/08/28 15:23:28 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\casey\Desktop\Continue Adobe AIR Free Download Installation.lnk
[2013/08/24 10:27:11 | 000,169,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/28 20:14:55 | 000,893,239 | ---- | C] () -- C:\Documents and Settings\casey\Local Settings\Application Data\a.zip
[2013/02/11 20:33:12 | 000,287,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-1482476501-725345543-1004-0.dat
[2013/02/11 20:33:09 | 000,287,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/17 10:28:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/12 14:17:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\casey\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/26 10:16:06 | 000,004,250 | ---- | C] () -- C:\Documents and Settings\casey\Application Data\wklnhst.dat
[2010/11/19 22:27:29 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\casey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/02/15 07:50:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello mblakes,

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\CASEYA~1\APPLIC~1\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
    [2013/03/28 20:14:58 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Documents and Settings\casey\Local Settings\Application Data\BcsKtYcHW.dll
    O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell - "" = AutoRun
    O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell\AutoRun\command - "" = G:\KODAK_Camera_Setup_App.exe
    O33 - MountPoints2\{b784ce95-f1dc-11df-ba03-001372377827}\Shell\AutoRun\command - "" = G:\setupSNK.exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot; please post that log in your next reply. The log is saved in the same location as OTL.


#9
mblakes

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ran:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator\ deleted successfully.
C:\DOCUME~1\CASEYA~1\APPLIC~1\CATALI~2\NPBCSK~1.DLL moved successfully.
File C:\Documents and Settings\casey\Local Settings\Application Data\BcsKtYcHW.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58e0626e-aad2-11e1-ba64-001372377827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58e0626e-aad2-11e1-ba64-001372377827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58e0626e-aad2-11e1-ba64-001372377827}\ not found.
File G:\KODAK_Camera_Setup_App.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b784ce95-f1dc-11df-ba03-001372377827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b784ce95-f1dc-11df-ba03-001372377827}\ not found.
File G:\setupSNK.exe not found.
C:\WINDOWS\002174_.tmp deleted successfully.
C:\WINDOWS\005192_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\NV3921160.TMP folder deleted successfully.
C:\NV804740.TMP folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\casey \Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\casey \Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 56502 bytes

User: All Users

User: casey
->Temp folder emptied: 50870013 bytes
->Temporary Internet Files folder emptied: 915620157 bytes
->Java cache emptied: 21238872 bytes
->Flash cache emptied: 3005991 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1898213 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2533381 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 492993890 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 54135 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,420.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09232013_224938

Files\Folders moved on Reboot...
C:\Documents and Settings\casey \Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\casey \Local Settings\Temp\~DF6AE2.tmp not found!
File\Folder C:\Documents and Settings\casey \Local Settings\Temp\~DF6AF4.tmp not found!
File\Folder C:\Documents and Settings\casey \Local Settings\Temp\~DF6B56.tmp not found!
File\Folder C:\Documents and Settings\casey \Local Settings\Temp\~DF6B68.tmp not found!
File\Folder C:\Documents and Settings\casey \Local Settings\Temp\~DF6B9E.tmp not found!
File\Folder C:\Documents and Settings\casey \Local Settings\Temp\~DF6BB0.tmp not found!
C:\Documents and Settings\casey \Local Settings\Temporary Internet Files\Content.IE5\I39GL064\index[1].php moved successfully.
C:\Documents and Settings\casey\Local Settings\Temporary Internet Files\Content.IE5\0MBNCGWB\page__p__2333890__fromsearch__1[1].htm moved successfully.
C:\Documents and Settings\casey\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\etilqs_w9o3jF9mh39Nfwd not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_174.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Then realized that I've been deleting my last name, so I ran the box again, changing first name to first name last name.
All processes killed
Error: Unable to interpret <• :OTL> in the current context!
Error: Unable to interpret <FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\CASEY A~1\APPLIC~1\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)> in the current context!
Error: Unable to interpret <[2013/03/28 20:14:58 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Documents and Settings\casey \Local Settings\Application Data\BcsKtYcHW.dll> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{58e0626e-aad2-11e1-ba64-001372377827}\Shell\AutoRun\command - "" = G:\KODAK_Camera_Setup_App.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{b784ce95-f1dc-11df-ba03-001372377827}\Shell\AutoRun\command - "" = G:\setupSNK.exe> in the current context!
Error: Unable to interpret <[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2 C:\*.tmp files -> C:\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\casey \Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\casey \Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: casey
->Temp folder emptied: 69883570 bytes
->Temporary Internet Files folder emptied: 1690876 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29343 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 68.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09232013_230447

Files\Folders moved on Reboot...
C:\Documents and Settings\casey \Local Settings\Temp\WERfcea.dir00\OTL.exe.hdmp moved successfully.
C:\Documents and Settings\casey \Local Settings\Temp\WERfb39.dir00\OTL.exe.hdmp moved successfully.
C:\Documents and Settings\casey \Local Settings\Temp\WEReb68.dir00\OTL.exe.hdmp moved successfully.
C:\Documents and Settings\casey \Local Settings\Temp\WERce1e.dir00\OTL.exe.hdmp moved successfully.
C:\Documents and Settings\casey \Local Settings\Temp\WERc8dd.dir00\OTL.exe.hdmp moved successfully.
C:\Documents and Settings\casey \Local Settings\Temp\WER5906.dir00\OTL.exe.hdmp moved successfully.
C:\Documents and Settings\casey \Local Settings\Temp\WER0507.dir00\OTL.exe.hdmp moved successfully.
File\Folder C:\Documents and Settings\casey \Local Settings\Temp\~DF141E.tmp not found!
File\Folder C:\Documents and Settings\casey\Local Settings\Temp\~DF19AC.tmp not found!
File\Folder C:\Documents and Settings\casey\Local Settings\Temp\~DF422.tmp not found!
File\Folder C:\Documents and Settings\casey\Local Settings\Temp\~DFE57.tmp not found!
File\Folder C:\Documents and Settings\casey\Local Settings\Temp\~DFED9A.tmp not found!
File\Folder C:\Documents and Settings\casey \Local Settings\Temp\~DFFD60.tmp not found!
C:\Documents and Settings\casey \Local Settings\Temporary Internet Files\Content.IE5\HO59NY4K\page__p__2333890__fromsearch__1[1].htm moved successfully.
C:\Documents and Settings\casey\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6c0.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by mblakes, 24 September 2013 - 03:23 PM.

  • 0
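A triage sketch for fix logs like the two in the post above, added here as an example (not part of the original post and not OldTimer's code): it tallies outcomes per section and flags a run whose directives were rejected with "Unable to interpret". The sample log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed samples in the shape of the two fix logs above (paths are placeholders).
RUN_OK = r"""All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Example\ deleted successfully.
C:\EXAMPLE\PLUGIN.DLL moved successfully.
File C:\Example\missing.dll not found.
========== COMMANDS ==========
HOSTS file reset successfully
"""
RUN_REJECTED = r"""All processes killed
Error: Unable to interpret <• :OTL> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{example}\Shell - "" = AutoRun> in the current context!
========== COMMANDS ==========
HOSTS file reset successfully
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")
UNPARSED = re.compile(r"^Error: Unable to interpret <(?P<text>.*)> in the current context!$")
OUTCOMES = (
    ("removed", re.compile(r"(deleted|moved) successfully\.$")),
    ("absent", re.compile(r"not found[.!]$")),
)

def triage(log_text):
    """Tally outcomes per section and collect directive lines the tool rejected."""
    section = "(preamble)"
    sections, unparsed, counts = [], [], Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            sections.append(section)
            continue
        rejected = UNPARSED.match(line)
        if rejected:
            unparsed.append(rejected.group("text"))
            continue
        for label, pattern in OUTCOMES:
            if pattern.search(line):
                counts[(section, label)] += 1
                break
    return {"sections": sections, "counts": counts, "unparsed": unparsed}

def fix_section_ran(result):
    """True only if an OTL section header appeared and no directive was rejected."""
    return "OTL" in result["sections"] and not result["unparsed"]

if __name__ == "__main__":
    for name, text in (("ok", RUN_OK), ("rejected", RUN_REJECTED)):
        r = triage(text)
        print(name, fix_section_ran(r), dict(r["counts"]), len(r["unparsed"]))
```
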

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again mblakes,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

#11
mblakes

mblakes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=973bc339029a66429704e0331e4050f9
# engine=15234
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-24 08:20:16
# local_time=2013-09-24 03:20:16 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3592 16777213 100 93 89616 130586912 0 0
# scanned=200491
# found=2
# cleaned=2
# scan_time=13395
sh=897490BCEBC6099569EF60B3E92CD7856F73FE98 ft=1 fh=07059145f0f76aa2 vn="Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\casey\My Documents\SoftonicDownloader_for_ebook-drm-removal.exe"
sh=EC8BA650CC0326B76C4367CCDE5BE9816668481A ft=1 fh=31e502bc150d2275 vn="Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\casey\My Documents\m\book\SoftonicDownloader_for_epub-to-kindle-converter.exe"



The iexplore.exe in my task manager still is using 170,000+ k - is that normal for 1 window/1 tab open? And it is very slow if I open another window or more tabs.

Edited by mblakes, 24 September 2013 - 03:18 PM.

  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again mblakes,

The iexplore.exe in my task manager still is using 170,000+ k - is that normal for 1 window/1 tab open? And it is very slow if I open another window or more tabs.


My firefox.exe is showing at 181,000 as we speak. I have one window and one tab open.

I am not finding malware as a cause. Could be corrupted RAM or just not enough RAM. I notice at the start of this thread you had only 0.67 Gb Available Physical Memory according to the OTL scan. It improved somewhat in later scans but maybe still a bit low.

Over time computers do build up bits and pieces of left over programs, updates etc. which slow the machine. Some people even go to the extent of reformatting their computers every few years just to clean them up. Removing surplus programs can help, also making sure your computer is clean (dust free) and not overheating are good housekeeping actions to help it run efficiently. Here are a couple of links that may be helpful:

Go here for information about what makes your computer slow by Artellos.

In addition:

miekiemoes has a blog with some information about slow computing.

Just scroll down until you find it, might be helpful. Link below.

http://miekiemoes.bl...l/Slow computer

Otherwise I think you are good to go.

We have a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Any other tools remaining may be deleted.

Step 2

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software the safest approach is to completely uninstall Java. Where you do require it then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#13
mblakes

mblakes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
thank you for all your help
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
You are welcome :happy:

I will keep this topic open for a day or two in case any issues appear.
  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





