High CPU usage - Long delays [Closed]



#1
RogerMortimer

I have started to experience long delays with 100% CPU usage.
The culprit processes are:- SVCHOST.EXE, SYSTEM IDLE PROCESS & DUMP PREP.EXE

Now, for some minutes after boot, all seems well, but then CPU usage goes to 100% and everything freezes. Going to Windows Task Manager and selecting SVCHOST.EXE (SYSTEM), which is using 98 to 100% CPU, and "ending process" cures the problem.

I have posted the topic under "Operating Systems Windows XP" and, after some actions, have been advised to post here.

OTL has yielded the following:-

OTL logfile created on: 9/26/2013 3:19:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Files_RSM
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.78% Memory free
3.84 Gb Paging File | 3.10 Gb Available in Paging File | 80.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.54 Gb Total Space | 75.03 Gb Free Space | 63.29% Space Free | Partition Type: NTFS
Drive D: | 114.34 Gb Total Space | 77.43 Gb Free Space | 67.72% Space Free | Partition Type: NTFS
Drive E: | 8.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROGER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/26 15:01:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Files_RSM\OTL.exe
PRC - [2013/07/03 10:29:29 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/02/06 18:06:30 | 000,669,480 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Disk Speedup\DSUDefragSrv.exe
PRC - [2013/01/11 09:08:34 | 000,363,520 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe
PRC - [2013/01/02 10:23:58 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/12/18 17:52:34 | 001,820,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/12/18 17:50:42 | 000,656,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/14 11:25:02 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 15:38:35 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/07/03 10:29:29 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012/05/30 16:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/20 12:37:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/02/06 18:06:30 | 000,669,480 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files\Disk Speedup\DSUDefragSrv.exe -- (DSUDiskOptimizer)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS -- (WFIOCTL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- -- (NeroCdNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Gigabyte\ET5Pro\markfun.w32 -- (MarkFun_NT)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWCD2.sys -- (HSFHWCD2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/23 17:19:04 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/23 11:32:31 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/09/23 11:32:31 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/09/23 11:32:31 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/09/23 11:32:31 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.023\NAVENG.SYS -- (NAVENG)
DRV - [2013/09/21 00:37:40 | 000,380,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130925.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/09/03 22:41:52 | 001,097,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 07:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/25 02:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symtdi.sys -- (SYMTDI)
DRV - [2013/04/16 04:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/04/10 22:19:23 | 000,198,392 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pfmfs_853.sys -- (pfmfs_853)
DRV - [2013/03/05 03:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/05 03:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/12/29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/09/21 21:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/07 16:05:42 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2010/10/15 11:21:37 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/07/21 17:07:36 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/09/27 10:26:10 | 000,016,376 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/19 11:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/21 02:10:24 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/03/01 06:12:16 | 000,075,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2007/03/01 06:12:16 | 000,058,368 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus)
DRV - [2006/04/20 15:20:22 | 000,019,456 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2006/04/20 14:50:34 | 000,059,776 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2006/04/20 14:49:26 | 000,009,600 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/23 17:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/10/08 03:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/14 13:18:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1997/12/22 18:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...?l=dis&o=101916
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.co...opt=1&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 DD A2 B0 D7 A7 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
IE - HKCU\..\SearchScopes\{48A86E08-B5DE-4D10-A71A-9B1C9355C69E}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: firefox-autofill%40googlegroups.com:3.6
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.23.1
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.4.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.5
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/02 10:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/02 10:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/09/26 10:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/09/23 16:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/21 17:06:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e207b206-e664-47a2-ad92-afae2f93c38e}: C:\Program Files\a2zlyr\131.xpi [2013/08/29 09:52:40 | 000,004,056 | ---- | M] ()

[2008/06/21 15:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/09/23 15:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions
[2013/03/20 14:54:16 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013/08/29 09:52:40 | 000,000,000 | ---D | M] (a2zLyrics) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\131
[2012/12/05 09:49:02 | 000,149,045 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\[email protected]
[2013/03/20 14:29:06 | 000,067,503 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\[email protected]
[2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\searchplugins\askcom.xml
[2009/03/14 15:36:37 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\searchplugins\mozilla-add-ons.xml
[2013/07/03 10:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 10:29:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/07/19 17:13:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 10:29:14 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2013/07/03 10:29:15 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2013/07/19 17:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/19 17:13:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 10:29:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/26 10:57:49 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\COFFPLGN
[2010/08/25 11:45:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/01/02 10:24:10 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/04/22 09:48:01 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2010/10/21 15:33:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (a2zLyrics) - {70c9c475-71d7-4ff3-a65c-bb8a0c0ddcb7} - C:\Program Files\a2zlyr\131.dll (a2zLyrics)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe (HP)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RegisterDropHandler] C:\Program Files\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [HP Deskjet 4620 series (NET)] C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe (Creative Home)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Shortcut to Keyboard.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: subscribeonline.co.uk ([secure2] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1207122625000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MSHome
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013858D6-F9ED-465E-9540-BB557C2C9070}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2007/01/01 22:13:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/09/19 17:34:05 | 000,000,065 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/24 17:06:03 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2013/09/23 17:18:50 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.sys
[2013/09/23 17:18:50 | 000,396,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdi.sys
[2013/09/23 17:18:50 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.sys
[2013/09/23 17:18:50 | 000,352,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdiv.sys
[2013/09/23 17:18:50 | 000,339,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnets.sys
[2013/09/23 17:18:50 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.sys
[2013/09/23 17:18:50 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symelam.sys
[2013/09/23 17:18:49 | 000,603,224 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.sys
[2013/09/23 17:18:49 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\ironx86.sys
[2013/09/23 17:18:49 | 000,134,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.sys
[2013/09/23 17:18:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\1404000.028
[2013/09/23 16:37:09 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/09/23 16:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/09/23 16:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2013/09/23 16:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2013/09/23 16:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2013/09/23 16:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/09/19 17:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pismo File Mount Audit Package
[2013/09/19 17:11:03 | 000,198,520 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmshx_853.dll
[2013/09/19 17:11:03 | 000,150,392 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfolder.exe
[2013/09/19 17:11:03 | 000,115,064 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pftest.exe
[2013/09/19 17:11:03 | 000,113,016 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\ptramfs.exe
[2013/09/19 17:11:02 | 000,164,728 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmzipfs.dll
[2013/09/19 17:11:02 | 000,127,864 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmshellfs.dll
[2013/09/19 17:11:02 | 000,123,768 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmsocketfs.dll
[2013/09/19 17:11:02 | 000,122,744 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmramfs.dll
[2013/09/19 17:11:02 | 000,101,752 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmredirfs.dll
[2013/09/19 17:11:01 | 000,388,472 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmapi_853.dll
[2013/09/19 17:11:01 | 000,322,936 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmpfolderfs.dll
[2013/09/19 17:11:01 | 000,248,184 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmisofs.dll
[2013/09/19 17:11:01 | 000,167,800 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfmstat.exe
[2013/09/19 17:11:01 | 000,105,848 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmmosaicfs.dll
[2013/09/19 17:11:01 | 000,071,032 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfmsyshost.exe
[2013/09/19 17:11:01 | 000,071,032 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfmhost.exe
[2013/09/19 17:11:00 | 000,198,392 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\drivers\pfmfs_853.sys
[2013/09/19 17:11:00 | 000,104,824 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfm.exe
[2013/09/19 17:11:00 | 000,101,752 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\ptdllrun1.exe
[2013/09/19 17:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pismo File Mount Audit Package
[2013/09/18 12:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Nero
[2013/09/18 10:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013/09/17 15:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2013/09/09 09:52:32 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2013/09/02 09:54:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IECompatCache
[2013/08/30 10:21:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/29 09:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\a2zlyr
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/26 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/09/26 14:39:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/26 14:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/26 14:00:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/09/26 10:55:38 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/09/26 10:55:36 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/09/26 10:55:27 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk
[2013/09/26 10:54:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/26 10:54:52 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\a2zlyrics update.job
[2013/09/26 10:54:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/09/26 10:54:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/26 10:40:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/26 10:10:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/09/26 10:09:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/09/25 17:20:49 | 000,013,347 | ---- | M] () -- C:\WINDOWS\123r5.ini
[2013/09/25 17:20:47 | 000,000,987 | ---- | M] () -- C:\WINDOWS\lotus.ini
[2013/09/25 15:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/09/24 17:06:03 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2013/09/24 15:06:06 | 000,000,015 | ---- | M] () -- C:\WINDOWS\wgedit.ini
[2013/09/24 13:10:44 | 000,702,041 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\Cat.DB
[2013/09/23 17:39:21 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2013/09/23 17:19:04 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/09/23 17:19:04 | 000,007,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/09/23 17:19:04 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/09/23 16:35:40 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Norton Installation Files.lnk
[2013/09/23 15:30:38 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NortonIdentifySafe.url
[2013/09/23 14:41:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/22 06:37:25 | 000,376,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/21 17:18:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/20 17:21:40 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/09/19 10:49:37 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\user\Desktop\WinRAR.lnk
[2013/09/18 10:40:03 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2013/09/18 10:40:02 | 000,002,360 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2013/09/14 20:40:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/08/30 11:04:43 | 000,000,810 | ---- | M] () -- C:\WINDOWS\EZPHOTO.INI
[2013/08/30 10:19:02 | 000,000,476 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Downloads.lnk
[2013/08/28 09:56:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\ipconfig
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/23 17:38:04 | 000,702,041 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\Cat.DB
[2013/09/23 17:19:41 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\VT20130115.021
[2013/09/23 17:18:50 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symelam.cat
[2013/09/23 17:18:50 | 000,008,067 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnet.cat
[2013/09/23 17:18:50 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnetv.cat
[2013/09/23 17:18:50 | 000,007,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.cat
[2013/09/23 17:18:50 | 000,007,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.cat
[2013/09/23 17:18:50 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.inf
[2013/09/23 17:18:50 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.inf
[2013/09/23 17:18:50 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnetv.inf
[2013/09/23 17:18:50 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnet.inf
[2013/09/23 17:18:50 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.inf
[2013/09/23 17:18:50 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symelam.inf
[2013/09/23 17:18:49 | 000,007,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.cat
[2013/09/23 17:18:49 | 000,007,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\iron.cat
[2013/09/23 17:18:49 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.inf
[2013/09/23 17:18:49 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.inf
[2013/09/23 17:18:49 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\iron.inf
[2013/09/23 17:18:09 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.cat
[2013/09/23 17:18:09 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.cat
[2013/09/23 17:18:09 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\isolate.ini
[2013/09/23 16:37:09 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/09/23 16:37:09 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/09/23 16:36:59 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2013/09/23 15:30:38 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NortonIdentifySafe.url
[2013/09/22 10:02:58 | 000,049,518 | ---- | C] () -- C:\Documents and Settings\user\Desktop\autoruns.chm
[2013/09/20 16:14:22 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\a2zlyrics update.job
[2013/09/19 10:49:36 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\user\Desktop\WinRAR.lnk
[2013/09/18 10:40:03 | 000,002,378 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2013/09/18 10:40:02 | 000,002,360 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2013/09/18 10:37:59 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/09/04 15:09:13 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk
[2013/08/30 10:18:16 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Downloads.lnk
[2013/08/28 09:56:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\ipconfig
[2013/08/09 15:15:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\cls
[2013/02/27 17:29:55 | 000,327,914 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/27 17:29:55 | 000,327,914 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-412668190-839522115-1004-0.dat
[2013/02/19 15:31:57 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/09/21 20:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/07/07 10:40:26 | 000,000,241 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2012/02/15 10:36:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/09 14:43:50 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/02/14 09:25:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a03648
[2010/11/05 12:21:59 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a02524
[2010/10/23 17:06:48 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a04068
[2010/10/20 14:20:58 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a01180
[2010/06/20 16:57:22 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\user\unzip.bat
[2010/06/08 09:53:49 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/20 12:39:31 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/07/20 12:39:31 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\ADC15840AC.sys
[2008/06/12 15:36:38 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/03/27 14:52:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

========== ZeroAccess Check ==========

[2010/04/16 11:14:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/29 06:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/12 15:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2013/02/27 10:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2013/02/27 10:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2013/02/27 10:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Encore
[2010/06/10 10:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/06/11 17:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/10 18:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/07/09 16:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steganos
[2010/06/11 10:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/25 09:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/03/20 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/02/26 16:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2010/06/26 11:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/02/27 10:40:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
[2009/11/03 14:28:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2011/08/08 16:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Acronis
[2013/02/27 10:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hoyle Card Games 2012
[2013/02/27 10:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hoyle FaceCreator
[2011/10/29 15:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IGC
[2012/09/09 14:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Image Zone Express
[2010/07/18 14:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InfraRecorder
[2008/07/21 10:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2011/10/15 15:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jigsaws Galore
[2013/04/17 16:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2008/06/11 17:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nuance
[2008/07/25 14:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Panasonic
[2011/11/11 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PDF Pro 10
[2008/03/30 12:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Printer Info Cache
[2010/02/10 18:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ScanSoft
[2008/04/19 10:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Steganos AntiSpam 2007
[2009/08/22 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\System Tweaker
[2010/05/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Trusteer
[2009/11/03 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF

< End of report >

OTL Extras logfile created on: 9/26/2013 3:19:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Files_RSM
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.78% Memory free
3.84 Gb Paging File | 3.10 Gb Available in Paging File | 80.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.54 Gb Total Space | 75.03 Gb Free Space | 63.29% Space Free | Partition Type: NTFS
Drive D: | 114.34 Gb Total Space | 77.43 Gb Free Space | 67.72% Space Free | Partition Type: NTFS
Drive E: | 8.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROGER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Nuance\NaturallySpeaking9\Program\tagent.exe" = C:\Program Files\Nuance\NaturallySpeaking9\Program\tagent.exe:*:Enabled:AutoTranscribe Folder Agent -- (Nuance Communications, Inc.)
"C:\Program Files\PCTV4Me\PCTV4Me.exe" = C:\Program Files\PCTV4Me\PCTV4Me.exe:*:Enabled:Internet TV and Radio Player
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"D:\Skype\Plugin Manager\skypePM.exe" = D:\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\Documents and Settings\user\Local Settings\Temp\7zS0F5B\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\user\Local Settings\Temp\7zS0F5B\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Documents and Settings\user\Local Settings\Temp\7zS76C9\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\user\Local Settings\Temp\7zS76C9\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Documents and Settings\user\Local Settings\Temp\7zS5215\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\user\Local Settings\Temp\7zS5215\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Program Files\HP\HP Deskjet 4620 series\Bin\FaxApplications.exe" = C:\Program Files\HP\HP Deskjet 4620 series\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP Deskjet 4620 series FaxApplications -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 4620 series\Bin\DigitalWizards.exe" = C:\Program Files\HP\HP Deskjet 4620 series\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP Deskjet 4620 series DigitalWizards -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 4620 series\Bin\SendAFax.exe" = C:\Program Files\HP\HP Deskjet 4620 series\Bin\SendAFax.exe:LocalSubNet:Enabled:HP Deskjet 4620 series SendFaxAppExe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 4620 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 4620 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 4620 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 4620 series) -- (Hewlett-Packard Co.)
"C:\Documents and Settings\user\Local Settings\Temp\7zS35B2\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\user\Local Settings\Temp\7zS35B2\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Documents and Settings\user\Local Settings\Temp\7zS43BD\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\user\Local Settings\Temp\7zS43BD\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Documents and Settings\user\Local Settings\Temp\7zS2DB2\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\user\Local Settings\Temp\7zS2DB2\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"D:\Skype\Phone\Skype.exe" = D:\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01171824-7f7c-427f-8553-d163d47353a8}" = Nero 9 Trial
"{01709BCA-8553-4B46-8A75-DBCCAC95DD62}" = Hoyle Card Games 2012
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09180f25-4be1-4f74-a0a3-3e0bccbafe19}" = a2zLyrics
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1130A295-EC7F-4DEF-9A77-146FD5F18528}" = Sonocaddie V100
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{181EAEE6-AAE5-485B-8BAC-0FB564626781}" = Brava! Reader 7.0
"{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}" = Family Tree Maker 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41C53CC3-37BF-4048-8BC8-1977446A847C}" = HP Deskjet 4620 series Product Improvement Study
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5773FBCB-BA2C-4F3E-9904-48247BF752FC}" = HP Deskjet 4620 series Help
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{602A205F-8D02-48EE-8782-262B2103B984}" = ScanSoft PDF Converter 3.0
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8777089A-4CF4-44BA-910B-9A4580669DED}" = Hallmark Card Studio 2012 Deluxe
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90885A82-9673-49EA-AB39-AF776639C67C}" = DVD7
"{921EFE93-5B07-45A6-A5A8-8CFF1448BAF6}" = HP Deskjet 4620 series Basic Device Software
"{934519A2-4D50-4B83-A459-92D90E9E3188}" = WinFast PVR
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6E08FBC-FC99-4CEE-B645-83A42107BE89}" = Hallmark Card Studio 2013 Deluxe
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE4AA694-815A-4045-BD49-C94F2BED7458}" = WinFast Multimedia PCI Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4362392-DEE8-47F9-8A5B-CCC20BC0E512}" = GPS Caddie Sync Software
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PhotoDeluxe 2.0" = Adobe PhotoDeluxe 2.0
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_USB_VID_0572&PID_1300" = SoftK56 Data Fax CARP
"ContentaConverter-PREMIUM" = Contenta Converter PREMIUM
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.23
"DAB436C4031D4395E5025EEF529E9B04643E6900" = Windows Driver Package - Hewlett-Packard hp scanjet 3600 series (01/17/2007 8.1.0.77)
"Family Tree Maker 2012" = Family Tree Maker 2012
"Hallmark Card Studio" = Hallmark Card Studio
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"if40leUninstall" = Presto! ImageFolio LE
"InfraRecorder" = InfraRecorder
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Jigsaws Galore 7_is1" = Jigsaws Galore Version 7
"Jigsaws Galore_is1" = Jigsaws Galore
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 22.0 (x86 en-GB)" = Mozilla Firefox 22.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"OpenAL" = OpenAL
"PageManager" = Presto! PageManager
"PageType" = Presto! PageType
"PAUninstall" = Presto! PhotoAlbum
"PhotoRecord" = Canon PhotoRecord
"PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Systweak PhotoStudio 2.1
"PismoFileMountAuditPackage" = Pismo File Mount Audit Package
"RealPlayer 16.0" = RealPlayer
"RemoteCapture" = Canon Utilities RemoteCapture 2.4
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SmartSuite V97.0" = Lotus SmartSuite 97
"SpeedFan" = SpeedFan (remove only)
"SysExporter" = SysExporter
"TextBridge Pro 9.0" = TextBridge Pro 9.0
"TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent
"Tweak UI 2.10" = Tweak UI
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Companion
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/21/2013 4:14:31 AM | Computer Name = ROGER | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2013 4:15:05 AM | Computer Name = ROGER | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2013 4:16:18 AM | Computer Name = ROGER | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2013 9:10:25 AM | Computer Name = ROGER | Source = Application Error | ID = 1000
Description = Faulting application webplayer.exe, version 1.1.0.0, faulting module
shdocvw.dll, version 6.0.2900.5803, fault address 0x0003424c.

[ System Events ]
Error - 9/25/2013 8:59:16 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 9/26/2013 3:33:22 AM | Computer Name = ROGER | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.3 for the Network Card with network address
001D7D4C092E has been denied by the DHCP server 10.0.0.2 (The DHCP Server sent a
DHCPNACK message).

Error - 9/26/2013 3:34:00 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
Description = The WinFast TV2000 XP WDM Video Capture service failed to start due
to the following error: %%1058

Error - 9/26/2013 3:34:00 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
Description = The WinFast TV2000 XP WDM TVTuner service failed to start due to the
following error: %%1058

Error - 9/26/2013 3:34:00 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
Description = The WinFast TV2000 XP WDM Crossbar service failed to start due to
the following error: %%1058

Error - 9/26/2013 4:55:18 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
Description = The WinFast TV2000 XP WDM Video Capture service failed to start due
to the following error: %%1058

Error - 9/26/2013 4:55:18 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
Description = The WinFast TV2000 XP WDM TVTuner service failed to start due to the
following error: %%1058

Error - 9/26/2013 4:55:18 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
Description = The WinFast TV2000 XP WDM Crossbar service failed to start due to
the following error: %%1058

Error - 9/26/2013 4:58:42 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 9/26/2013 8:14:48 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.


< End of report >

System Information
------------------
AllocateCdRoms : 0
Operating System : Windows XP Home Edition (5.01.2600 Service Pack 3)
Country : United States
Language : English
ANSI Code Page : 1252
OEM Code Page : 437
DirectX : DirectX 9.0c
Internet Explorer : 6.0.2900.5512 (Build 62900.5512

Computer

ACPI Uniprocessor PC
-----------------------------
Driver
Description : ACPI Uniprocessor PC
Company : Microsoft
Version : 5.1.2600.0
Date : 7-1-2001
File Name : hal.inf
RAM : 1.9 GB
Processors

Intel® Celeron® CPU 420 @ 1.60GHz
-----------------------------
Driver
Description : Intel Processor
Company : Microsoft
Version : 5.1.2600.0
Date : 4-1-2004
File Name : cpu.inf
Network adapters

Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
-----------------------------
Driver
Description : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Company : Realtek Semiconductor Corp.
Version : 5.682.1122.2007
Date : 11-22-2007
File Name : oem24.inf
Drive Information
------------------
Drive : TSSTcorp CDDVDW SH-S203B
Type : DVD±R/RW DL Recorder
Firmware Version : SB01
Buffer Size : 2 MB
Date : ?
Serial Number : SH-S203BFirmware
Vendor Specific : 0801
Drive Letter : E:\
Location : 0:0
Mechanism : Tray
Read Speed : 40 , 32 , 24 , 16 , 8 , 4 X
Write Speed : 48 , 40 , 32 , 24 , 16 X

#2
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi RogerMortimer, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

  • Run OTL. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    netsvcs
    msconfig
    drives
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT
  • Please select the Scan All Users checkbox.
  • Make sure the checkboxes next to Lop Check and Purity Check are selected.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered until it is done.
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select No.
  • Click Scan to start the scan.
  • When the scan ends click Save Log and save it to your desktop.
  • Post the log in your next reply.

Step Three: Computer Symptoms

Please let me know what problems you are having with your computer.


What I need in your next post:
1. The report from the OTL scan, OTL.txt.
2. The log produced by aswMBR.exe.
3. Let me know what problems you are having with your computer.

#3
RogerMortimer

    Member

  • Topic Starter
  • 45 posts
Step 1

OTL logfile created on: 10/1/2013 10:14:18 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Files_RSM
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.65% Memory free
3.84 Gb Paging File | 3.38 Gb Available in Paging File | 88.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.54 Gb Total Space | 74.25 Gb Free Space | 62.64% Space Free | Partition Type: NTFS
Drive D: | 114.34 Gb Total Space | 77.41 Gb Free Space | 67.71% Space Free | Partition Type: NTFS
Drive E: | 8.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROGER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/26 15:01:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Files_RSM\OTL.exe
PRC - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/02/06 18:06:30 | 000,669,480 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Disk Speedup\DSUDefragSrv.exe
PRC - [2013/01/11 09:08:34 | 000,363,520 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe
PRC - [2013/01/02 10:23:58 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/12/18 17:52:34 | 001,820,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/12/18 17:50:42 | 000,656,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/14 11:25:02 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012/05/30 16:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/20 12:37:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/02/06 18:06:30 | 000,669,480 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files\Disk Speedup\DSUDefragSrv.exe -- (DSUDiskOptimizer)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS -- (WFIOCTL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- -- (NeroCdNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Gigabyte\ET5Pro\markfun.w32 -- (MarkFun_NT)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWCD2.sys -- (HSFHWCD2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/24 06:37:15 | 001,097,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/09/23 17:19:04 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/23 11:32:31 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130930.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/09/23 11:32:31 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/09/23 11:32:31 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/09/23 11:32:31 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130930.021\NAVENG.SYS -- (NAVENG)
DRV - [2013/09/21 00:37:40 | 000,380,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130928.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/05/23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 07:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/25 02:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symtdi.sys -- (SYMTDI)
DRV - [2013/04/16 04:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/04/10 22:19:23 | 000,198,392 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pfmfs_853.sys -- (pfmfs_853)
DRV - [2013/03/05 03:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/05 03:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/12/29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/09/21 21:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/07 16:05:42 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2010/10/15 11:21:37 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/07/21 17:07:36 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/09/27 10:26:10 | 000,016,376 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/19 11:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/21 02:10:24 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/03/01 06:12:16 | 000,075,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2007/03/01 06:12:16 | 000,058,368 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus)
DRV - [2006/04/20 15:20:22 | 000,019,456 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2006/04/20 14:50:34 | 000,059,776 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2006/04/20 14:49:26 | 000,009,600 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/23 17:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/10/08 03:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/14 13:18:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1997/12/22 18:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...?l=dis&o=101916
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.co...opt=1&ocid=iehp
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 DD A2 B0 D7 A7 CE 01 [binary data]
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\..\SearchScopes,DefaultScope = {48A86E08-B5DE-4D10-A71A-9B1C9355C69E}
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\..\SearchScopes\{48A86E08-B5DE-4D10-A71A-9B1C9355C69E}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: firefox-autofill%40googlegroups.com:3.6
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.23.1
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.4.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.5
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/02 10:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/02 10:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/10/01 10:06:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/09/23 16:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/21 17:06:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e207b206-e664-47a2-ad92-afae2f93c38e}: C:\Program Files\a2zlyr\131.xpi [2013/08/29 09:52:40 | 000,004,056 | ---- | M] ()

[2008/06/21 15:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/09/23 15:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions
[2013/03/20 14:54:16 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013/08/29 09:52:40 | 000,000,000 | ---D | M] (a2zLyrics) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\131
[2012/12/05 09:49:02 | 000,149,045 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\[email protected]
[2013/03/20 14:29:06 | 000,067,503 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\[email protected]
[2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\searchplugins\askcom.xml
[2009/03/14 15:36:37 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\searchplugins\mozilla-add-ons.xml
[2013/07/03 10:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 10:29:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/07/19 17:13:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 10:29:14 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2013/07/03 10:29:15 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2013/07/19 17:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/19 17:13:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 10:29:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/01 10:06:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\COFFPLGN
[2010/08/25 11:45:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/01/02 10:24:10 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/04/22 09:48:01 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2010/10/21 15:33:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (a2zLyrics) - {70c9c475-71d7-4ff3-a65c-bb8a0c0ddcb7} - C:\Program Files\a2zlyr\131.dll (a2zLyrics)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-412668190-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe (HP)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RegisterDropHandler] C:\Program Files\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [20090604] C:\Program Files\Hoyle\Hoyle Card Games 2012\RegApp\encore_reg.exe (DataLode, Inc.)
O4 - HKU\S-1-5-18..\Run: [20090604] C:\Program Files\Hoyle\Hoyle Card Games 2012\RegApp\encore_reg.exe (DataLode, Inc.)
O4 - HKU\S-1-5-21-823518204-412668190-839522115-1004..\Run: [HP Deskjet 4620 series (NET)] C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe (Creative Home)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Shortcut to Keyboard.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-412668190-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-823518204-412668190-839522115-1004\..Trusted Domains: subscribeonline.co.uk ([secure2] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1207122625000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MSHome
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013858D6-F9ED-465E-9540-BB557C2C9070}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2007/01/01 22:13:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/09/19 17:34:05 | 000,000,065 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/29 17:15:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/09/24 17:06:03 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2013/09/24 17:06:03 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2013/09/23 17:18:50 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.sys
[2013/09/23 17:18:50 | 000,396,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdi.sys
[2013/09/23 17:18:50 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.sys
[2013/09/23 17:18:50 | 000,352,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdiv.sys
[2013/09/23 17:18:50 | 000,339,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnets.sys
[2013/09/23 17:18:50 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.sys
[2013/09/23 17:18:50 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symelam.sys
[2013/09/23 17:18:49 | 000,603,224 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.sys
[2013/09/23 17:18:49 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\ironx86.sys
[2013/09/23 17:18:49 | 000,134,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.sys
[2013/09/23 17:18:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\1404000.028
[2013/09/23 16:37:09 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/09/23 16:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/09/23 16:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2013/09/23 16:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2013/09/23 16:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2013/09/23 16:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/09/19 17:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pismo File Mount Audit Package
[2013/09/19 17:11:03 | 000,198,520 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmshx_853.dll
[2013/09/19 17:11:03 | 000,150,392 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfolder.exe
[2013/09/19 17:11:03 | 000,115,064 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pftest.exe
[2013/09/19 17:11:03 | 000,113,016 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\ptramfs.exe
[2013/09/19 17:11:02 | 000,164,728 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmzipfs.dll
[2013/09/19 17:11:02 | 000,127,864 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmshellfs.dll
[2013/09/19 17:11:02 | 000,123,768 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmsocketfs.dll
[2013/09/19 17:11:02 | 000,122,744 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmramfs.dll
[2013/09/19 17:11:02 | 000,101,752 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmredirfs.dll
[2013/09/19 17:11:01 | 000,388,472 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmapi_853.dll
[2013/09/19 17:11:01 | 000,322,936 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmpfolderfs.dll
[2013/09/19 17:11:01 | 000,248,184 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmisofs.dll
[2013/09/19 17:11:01 | 000,167,800 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfmstat.exe
[2013/09/19 17:11:01 | 000,105,848 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmmosaicfs.dll
[2013/09/19 17:11:01 | 000,071,032 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfmsyshost.exe
[2013/09/19 17:11:01 | 000,071,032 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfmhost.exe
[2013/09/19 17:11:00 | 000,198,392 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\drivers\pfmfs_853.sys
[2013/09/19 17:11:00 | 000,104,824 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfm.exe
[2013/09/19 17:11:00 | 000,101,752 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\ptdllrun1.exe
[2013/09/19 17:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pismo File Mount Audit Package
[2013/09/18 12:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Nero
[2013/09/18 10:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013/09/17 15:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2013/09/09 09:52:32 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2013/09/02 09:54:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IECompatCache
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/01 10:10:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/10/01 10:09:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/10/01 10:06:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/10/01 10:06:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/10/01 10:05:59 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk
[2013/10/01 10:05:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 10:05:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/10/01 10:05:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/01 10:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/10/01 09:39:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 09:37:20 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/01 09:34:45 | 000,707,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\Cat.DB
[2013/09/30 17:00:07 | 000,013,389 | ---- | M] () -- C:\WINDOWS\123r5.ini
[2013/09/30 17:00:05 | 000,000,987 | ---- | M] () -- C:\WINDOWS\lotus.ini
[2013/09/29 20:40:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/09/29 17:22:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/29 17:20:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/29 14:00:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/09/28 17:08:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/28 16:43:56 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.lnk
[2013/09/28 16:43:47 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\user\Desktop\iexplore.lnk
[2013/09/27 17:03:55 | 000,498,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/27 17:03:55 | 000,086,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/26 10:40:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/25 15:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/09/24 17:06:03 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2013/09/24 17:06:03 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2013/09/24 15:06:06 | 000,000,015 | ---- | M] () -- C:\WINDOWS\wgedit.ini
[2013/09/23 17:39:21 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2013/09/23 17:19:04 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/09/23 17:19:04 | 000,007,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/09/23 17:19:04 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/09/23 16:35:40 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Norton Installation Files.lnk
[2013/09/23 15:30:38 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NortonIdentifySafe.url
[2013/09/22 06:37:25 | 000,376,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/20 17:21:40 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/09/20 12:37:44 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/20 12:37:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/19 10:49:37 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\user\Desktop\WinRAR.lnk
[2013/09/18 10:40:02 | 000,002,360 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/29 17:22:25 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/28 16:43:56 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.lnk
[2013/09/28 16:42:42 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\user\Desktop\iexplore.lnk
[2013/09/28 16:41:16 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Internet Explorer.lnk
[2013/09/23 17:38:04 | 000,707,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\Cat.DB
[2013/09/23 17:19:41 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\VT20130115.021
[2013/09/23 17:18:50 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symelam.cat
[2013/09/23 17:18:50 | 000,008,067 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnet.cat
[2013/09/23 17:18:50 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnetv.cat
[2013/09/23 17:18:50 | 000,007,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.cat
[2013/09/23 17:18:50 | 000,007,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.cat
[2013/09/23 17:18:50 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.inf
[2013/09/23 17:18:50 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.inf
[2013/09/23 17:18:50 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnetv.inf
[2013/09/23 17:18:50 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnet.inf
[2013/09/23 17:18:50 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.inf
[2013/09/23 17:18:50 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symelam.inf
[2013/09/23 17:18:49 | 000,007,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.cat
[2013/09/23 17:18:49 | 000,007,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\iron.cat
[2013/09/23 17:18:49 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.inf
[2013/09/23 17:18:49 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.inf
[2013/09/23 17:18:49 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\iron.inf
[2013/09/23 17:18:09 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.cat
[2013/09/23 17:18:09 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.cat
[2013/09/23 17:18:09 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\isolate.ini
[2013/09/23 16:37:09 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/09/23 16:37:09 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/09/23 16:36:59 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2013/09/23 15:30:38 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NortonIdentifySafe.url
[2013/09/22 10:02:58 | 000,049,518 | ---- | C] () -- C:\Documents and Settings\user\Desktop\autoruns.chm
[2013/09/19 10:49:36 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\user\Desktop\WinRAR.lnk
[2013/09/18 10:40:02 | 000,002,360 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2013/09/18 10:37:59 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/09/04 15:09:13 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk
[2013/08/28 09:56:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\ipconfig
[2013/08/09 15:15:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\cls
[2013/02/27 17:29:55 | 000,327,914 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/27 17:29:55 | 000,327,914 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-412668190-839522115-1004-0.dat
[2013/02/19 15:31:57 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/09/21 20:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/07/07 10:40:26 | 000,000,241 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2012/02/15 10:36:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/09 14:43:50 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/02/14 09:25:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a03648
[2010/11/05 12:21:59 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a02524
[2010/10/23 17:06:48 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a04068
[2010/10/20 14:20:58 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a01180
[2010/06/20 16:57:22 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\user\unzip.bat
[2010/06/08 09:53:49 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/20 12:39:31 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/07/20 12:39:31 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\ADC15840AC.sys
[2008/06/12 15:36:38 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/03/27 14:52:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

========== ZeroAccess Check ==========

[2010/04/16 11:14:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/08/01 06:17:51 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/12 15:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2013/02/27 10:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2013/02/27 10:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2013/02/27 10:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Encore
[2010/06/10 10:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/06/11 17:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/10 18:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/07/09 16:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steganos
[2010/06/11 10:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/25 09:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/03/20 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/02/26 16:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2010/06/26 11:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/02/27 10:40:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
[2009/11/03 14:28:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2010/06/23 09:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2011/08/22 17:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2011/08/08 16:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Acronis
[2013/02/27 10:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hoyle Card Games 2012
[2013/02/27 10:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hoyle FaceCreator
[2011/10/29 15:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IGC
[2012/09/09 14:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Image Zone Express
[2010/07/18 14:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InfraRecorder
[2008/07/21 10:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2011/10/15 15:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jigsaws Galore
[2013/04/17 16:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2008/06/11 17:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nuance
[2008/07/25 14:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Panasonic
[2011/11/11 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PDF Pro 10
[2008/03/30 12:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Printer Info Cache
[2010/02/10 18:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ScanSoft
[2008/04/19 10:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Steganos AntiSpam 2007
[2009/08/22 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\System Tweaker
[2010/05/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Trusteer
[2009/11/03 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF

< End of report >

Step 2

MBR Log:-

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-01 15:14:25
-----------------------------
15:14:25.390 OS Version: Windows 5.1.2600 Service Pack 3
15:14:25.390 Number of processors: 1 586 0x1601
15:14:25.390 ComputerName: ROGER UserName: user
15:14:25.859 Initialize success
15:15:18.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
15:15:18.875 Disk 0 Vendor: ST3250620A 3.AAF Size: 238474MB BusType: 3
15:15:19.062 Disk 0 MBR read successfully
15:15:19.062 Disk 0 MBR scan
15:15:19.062 Disk 0 Windows XP default MBR code
15:15:19.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 121389 MB offset 63
15:15:19.078 Disk 0 Partition - 00 0F Extended LBA 117083 MB offset 248605875
15:15:19.093 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 117083 MB offset 248605938
15:15:19.093 Disk 0 scanning sectors +488392065
15:15:19.125 Disk 0 scanning C:\WINDOWS\system32\drivers
15:15:24.812 Service scanning
15:15:26.218 Service BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx86.sys **LOCKED** 5
15:15:26.500 Service ccSet_N360 C:\WINDOWS\system32\drivers\N360\1404000.028\ccSetx86.sys **LOCKED** 5
15:15:28.046 Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
15:15:28.593 Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
15:15:30.250 Service IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130928.001\IDSxpx86.sys **LOCKED** 5
15:15:31.890 Service NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130930.021\NAVENG.SYS **LOCKED** 5
15:15:31.953 Service NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130930.021\NAVEX15.SYS **LOCKED** 5
15:15:35.140 Service SRTSPX C:\WINDOWS\system32\drivers\N360\1404000.028\SRTSPX.SYS **LOCKED** 5
15:15:35.437 Service SymDS C:\WINDOWS\system32\drivers\N360\1404000.028\SYMDS.SYS **LOCKED** 5
15:15:35.468 Service SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
15:15:35.515 Service SymIRON C:\WINDOWS\system32\drivers\N360\1404000.028\Ironx86.SYS **LOCKED** 5
15:15:35.531 Service SYMTDI C:\WINDOWS\System32\Drivers\N360\1404000.028\SYMTDI.SYS **LOCKED** 5
15:15:37.781 Modules scanning
15:15:43.796 Disk 0 trace - called modules:
15:15:43.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:15:43.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5f8ab8]
15:15:43.812 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000075[0x8a6049e8]
15:15:43.812 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-f[0x8a661d98]
15:15:43.812 Scan finished successfully
15:16:33.531 Disk 0 MBR has been saved successfully to "D:\Files_RSM\Internet\MBR.dat"
15:16:33.546 The log file has been saved successfully to "D:\Files_RSM\Internet\aswMBR.txt"

Step 3

I have started to experience long delays with 100% CPU usage.
The culprit process is:- SVCHOST.EXE, SYSTEM.

Going to Windows Task Manager and selecting
SVCHOST.EXE (SYSTEM), which is using 98 to 100% CPU, and "ending process" cures the problem.

You can see all the steps taken to date under "FORUMS OPERATING SYSTEMS WINDOWS XP", same subject title as here.

Regards

Roger Mortimer

  • 0

#4
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi RogerMortimer,

Step One: OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.


Note: If you are using the pro version or trial version of Malwarebytes 1.6 or higher, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following (do not copy the word "quote")

    :Commands
    [createrestorepoint]

    :OTL
    IE - HKU\S-1-5-21-823518204-412668190-839522115-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
    [2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\searchplugins\askcom.xml
    [2013/08/29 09:52:40 | 000,000,000 | ---D | M] (a2zLyrics) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\131
    [2011/04/22 09:48:01 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (a2zLyrics) - {70c9c475-71d7-4ff3-a65c-bb8a0c0ddcb7} - C:\Program Files\a2zlyr\131.dll (a2zLyrics)
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-823518204-412668190-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Shortcut to Keyboard.lnk = File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - File not found
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [2013/10/01 10:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

    :Files
    ipconfig /flushdns /c
    C:\Program Files\a2zlyr
    c:\docume~1\alluse~1\applic~1\browse~1

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces in your next reply.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two: AdwCleaner

Download AdwCleaner from here or here and save it to your desktop.
Run AdwCleaner and select Scan. Once the scan is complete, select Clean.

Once done it will ask to reboot, allow this.
On reboot a log will be produced, please post it in your next reply.

Step Three: Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step Four: How is your computer running?

Please let me know how your computer is running and what specific problems remain.


What I need in your next post:
1. Both OTL logs, the one from the fix and the new scan.
2. The log from the AdwCleaner scan.
3. The Security Check log, checkup.txt.
4. Let me know what problems remain.
  • 0

#5
RogerMortimer

RogerMortimer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi.
Access to programmes such as Excel from shortcuts is very much faster.
Some months ago the CAPS LOCK indicator and Calendar button were disabled (presumably by an update) despite showing enabled in the keyboard programme. Calling up and then exiting the KB Prog cured things until the next reboot. I put the KB Prog in the start up Menu and exited on boot as a temporary cure.

The latest actions you called for have removed the KB Prog from start up and cured the problem!!

Only time will tell if high CPU usage recurs but so far so good. Boot time has been reduced and general performance seems quicker.

The only remaining problem is that the computer reboots on shut down. Post of 29th July under forum operating systems windows xp refers.
I have followed all the suggestions to no avail. Any ideas?

Very many thanks for your help.

Regards

Roger Mortimer.

Here are the logs.

OTL FIX LOG
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
File C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\searchplugins\askcom.xml not found.
Folder C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\131\ not found.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70c9c475-71d7-4ff3-a65c-bb8a0c0ddcb7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70c9c475-71d7-4ff3-a65c-bb8a0c0ddcb7}\ not found.
File C:\Program Files\a2zlyr\131.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
File move failed. C:\Documents and Settings\user\Start Menu\Programs\Startup\Shortcut to Keyboard.lnk scheduled to be moved on reboot.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll deleted successfully.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Files_RSM\cmd.bat deleted successfully.
D:\Files_RSM\cmd.txt deleted successfully.
File\Folder C:\Program Files\a2zlyr not found.
File\Folder c:\docume~1\alluse~1\applic~1\browse~1 not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 1312 bytes
->Temporary Internet Files folder emptied: 44472 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36498 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26002 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10032013_144341

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\user\Start Menu\Programs\Startup\Shortcut to Keyboard.lnk not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_15c.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL QUICK SCAN LOG

OTL logfile created on: 10/3/2013 2:48:32 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Files_RSM
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.85% Memory free
3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.54 Gb Total Space | 75.38 Gb Free Space | 63.59% Space Free | Partition Type: NTFS
Drive D: | 114.34 Gb Total Space | 77.41 Gb Free Space | 67.70% Space Free | Partition Type: NTFS
Drive E: | 8.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROGER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/26 15:01:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Files_RSM\OTL.exe
PRC - [2013/08/22 19:01:18 | 001,237,080 | ---- | M] (Alexander Roshal) -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/02/06 18:06:30 | 000,669,480 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Disk Speedup\DSUDefragSrv.exe
PRC - [2013/01/11 09:08:34 | 000,363,520 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe
PRC - [2013/01/02 10:23:58 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/12/18 17:52:34 | 001,820,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/12/18 17:50:42 | 000,656,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/14 11:25:02 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/22 19:01:22 | 000,081,496 | ---- | M] () -- C:\Program Files\WinRAR\Formats\z.fmt
MOD - [2013/08/22 19:01:21 | 000,071,768 | ---- | M] () -- C:\Program Files\WinRAR\Formats\tar.fmt
MOD - [2013/08/22 19:01:20 | 000,087,128 | ---- | M] () -- C:\Program Files\WinRAR\Formats\gz.fmt
MOD - [2013/08/22 19:01:19 | 000,082,008 | ---- | M] () -- C:\Program Files\WinRAR\Formats\arj.fmt
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012/05/30 16:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/20 12:37:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/02/06 18:06:30 | 000,669,480 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files\Disk Speedup\DSUDefragSrv.exe -- (DSUDiskOptimizer)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS -- (WFIOCTL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- -- (NeroCdNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Gigabyte\ET5Pro\markfun.w32 -- (MarkFun_NT)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWCD2.sys -- (HSFHWCD2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/24 06:37:15 | 001,097,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/09/23 17:19:04 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/23 11:32:31 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131002.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/09/23 11:32:31 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/09/23 11:32:31 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/09/23 11:32:31 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131002.022\NAVENG.SYS -- (NAVENG)
DRV - [2013/09/21 00:37:40 | 000,380,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20131002.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/05/23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 07:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/25 02:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symtdi.sys -- (SYMTDI)
DRV - [2013/04/16 04:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/04/10 22:19:23 | 000,198,392 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pfmfs_853.sys -- (pfmfs_853)
DRV - [2013/03/05 03:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/05 03:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/12/29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/09/21 21:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/07 16:05:42 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2010/10/15 11:21:37 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/07/21 17:07:36 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/09/27 10:26:10 | 000,016,376 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/19 11:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/21 02:10:24 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/03/01 06:12:16 | 000,075,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2007/03/01 06:12:16 | 000,058,368 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus)
DRV - [2006/04/20 15:20:22 | 000,019,456 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2006/04/20 14:50:34 | 000,059,776 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2006/04/20 14:49:26 | 000,009,600 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/23 17:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/10/08 03:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/14 13:18:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1997/12/22 18:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...?l=dis&o=101916
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.co...opt=1&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 DD A2 B0 D7 A7 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {48A86E08-B5DE-4D10-A71A-9B1C9355C69E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{48A86E08-B5DE-4D10-A71A-9B1C9355C69E}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: firefox-autofill%40googlegroups.com:3.6
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.23.1
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.4.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.5
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/02 10:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/02 10:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/10/03 14:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/09/23 16:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/21 17:06:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e207b206-e664-47a2-ad92-afae2f93c38e}: C:\Program Files\a2zlyr\131.xpi

[2008/06/21 15:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/09/23 15:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions
[2013/03/20 14:54:16 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/12/05 09:49:02 | 000,149,045 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\[email protected]
[2013/03/20 14:29:06 | 000,067,503 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\[email protected]
[2009/03/14 15:36:37 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\searchplugins\mozilla-add-ons.xml
[2013/07/03 10:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 10:29:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/07/19 17:13:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 10:29:14 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2013/07/03 10:29:15 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2013/07/19 17:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/19 17:13:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/03 10:29:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/03 14:47:41 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\COFFPLGN
[2010/08/25 11:45:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/01/02 10:24:10 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

O1 HOSTS File: ([2013/10/03 14:44:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe (HP)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RegisterDropHandler] C:\Program Files\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [HP Deskjet 4620 series (NET)] C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe (Creative Home)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: subscribeonline.co.uk ([secure2] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1207122625000 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MSHome
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013858D6-F9ED-465E-9540-BB557C2C9070}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2007/01/01 22:13:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/09/19 17:34:05 | 000,000,065 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/29 17:15:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/09/24 17:06:03 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2013/09/23 17:18:50 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.sys
[2013/09/23 17:18:50 | 000,396,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdi.sys
[2013/09/23 17:18:50 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.sys
[2013/09/23 17:18:50 | 000,352,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdiv.sys
[2013/09/23 17:18:50 | 000,339,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnets.sys
[2013/09/23 17:18:50 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.sys
[2013/09/23 17:18:50 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symelam.sys
[2013/09/23 17:18:49 | 000,603,224 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.sys
[2013/09/23 17:18:49 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\ironx86.sys
[2013/09/23 17:18:49 | 000,134,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.sys
[2013/09/23 17:18:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\1404000.028
[2013/09/23 16:37:09 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/09/23 16:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/09/23 16:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2013/09/23 16:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2013/09/23 16:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2013/09/23 16:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/09/19 17:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pismo File Mount Audit Package
[2013/09/19 17:11:03 | 000,198,520 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmshx_853.dll
[2013/09/19 17:11:03 | 000,150,392 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfolder.exe
[2013/09/19 17:11:03 | 000,115,064 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pftest.exe
[2013/09/19 17:11:03 | 000,113,016 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\ptramfs.exe
[2013/09/19 17:11:02 | 000,164,728 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmzipfs.dll
[2013/09/19 17:11:02 | 000,127,864 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmshellfs.dll
[2013/09/19 17:11:02 | 000,123,768 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmsocketfs.dll
[2013/09/19 17:11:02 | 000,122,744 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmramfs.dll
[2013/09/19 17:11:02 | 000,101,752 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmredirfs.dll
[2013/09/19 17:11:01 | 000,388,472 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmapi_853.dll
[2013/09/19 17:11:01 | 000,322,936 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmpfolderfs.dll
[2013/09/19 17:11:01 | 000,248,184 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmisofs.dll
[2013/09/19 17:11:01 | 000,167,800 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfmstat.exe
[2013/09/19 17:11:01 | 000,105,848 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\pfmmosaicfs.dll
[2013/09/19 17:11:01 | 000,071,032 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfmsyshost.exe
[2013/09/19 17:11:01 | 000,071,032 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfmhost.exe
[2013/09/19 17:11:00 | 000,198,392 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\drivers\pfmfs_853.sys
[2013/09/19 17:11:00 | 000,104,824 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\pfm.exe
[2013/09/19 17:11:00 | 000,101,752 | ---- | C] (Pismo Technic Inc.) -- C:\WINDOWS\System32\ptdllrun1.exe
[2013/09/19 17:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pismo File Mount Audit Package
[2013/09/18 12:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Nero
[2013/09/18 10:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013/09/17 15:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2013/09/09 09:52:32 | 000,000,000 | ---D | C] -- C:\spoolerlogs

========== Files - Modified Within 30 Days ==========

[2013/10/03 14:46:15 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk
[2013/10/03 14:45:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/10/03 14:45:43 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/10/03 14:45:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/03 14:45:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/10/03 14:45:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/03 14:44:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/10/03 14:39:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/03 14:37:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/03 14:00:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/10/03 10:10:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/10/03 10:09:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/10/02 17:14:07 | 000,013,389 | ---- | M] () -- C:\WINDOWS\123r5.ini
[2013/10/02 17:13:02 | 000,000,987 | ---- | M] () -- C:\WINDOWS\lotus.ini
[2013/10/02 15:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-412668190-839522115-1004.job
[2013/10/01 15:25:37 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\user\Application Data\default.rss
[2013/10/01 15:25:36 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/10/01 09:34:45 | 000,707,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\Cat.DB
[2013/09/29 20:40:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/09/29 17:22:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/29 17:20:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/28 17:08:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/28 16:43:56 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.lnk
[2013/09/28 16:43:47 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\user\Desktop\iexplore.lnk
[2013/09/27 17:03:55 | 000,498,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/27 17:03:55 | 000,086,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/24 17:06:03 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2013/09/24 15:06:06 | 000,000,015 | ---- | M] () -- C:\WINDOWS\wgedit.ini
[2013/09/23 17:39:21 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2013/09/23 17:19:04 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/09/23 17:19:04 | 000,007,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/09/23 17:19:04 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/09/23 16:35:40 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Norton Installation Files.lnk
[2013/09/23 15:30:38 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NortonIdentifySafe.url
[2013/09/22 06:37:25 | 000,376,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/20 17:21:40 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/09/19 10:49:37 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\user\Desktop\WinRAR.lnk
[2013/09/18 10:40:02 | 000,002,360 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk

========== Files Created - No Company Name ==========

[2013/10/01 15:25:37 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\user\Application Data\default.rss
[2013/09/29 17:22:25 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/28 16:43:56 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.lnk
[2013/09/28 16:42:42 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\user\Desktop\iexplore.lnk
[2013/09/28 16:41:16 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Internet Explorer.lnk
[2013/09/23 17:38:04 | 000,707,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\Cat.DB
[2013/09/23 17:19:41 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\VT20130115.021
[2013/09/23 17:18:50 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symelam.cat
[2013/09/23 17:18:50 | 000,008,067 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnet.cat
[2013/09/23 17:18:50 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnetv.cat
[2013/09/23 17:18:50 | 000,007,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.cat
[2013/09/23 17:18:50 | 000,007,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.cat
[2013/09/23 17:18:50 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.inf
[2013/09/23 17:18:50 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.inf
[2013/09/23 17:18:50 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnetv.inf
[2013/09/23 17:18:50 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symnet.inf
[2013/09/23 17:18:50 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.inf
[2013/09/23 17:18:50 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symelam.inf
[2013/09/23 17:18:49 | 000,007,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.cat
[2013/09/23 17:18:49 | 000,007,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\iron.cat
[2013/09/23 17:18:49 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.inf
[2013/09/23 17:18:49 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.inf
[2013/09/23 17:18:49 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\iron.inf
[2013/09/23 17:18:09 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.cat
[2013/09/23 17:18:09 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.cat
[2013/09/23 17:18:09 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\isolate.ini
[2013/09/23 16:37:09 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/09/23 16:37:09 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/09/23 16:36:59 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2013/09/23 15:30:38 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NortonIdentifySafe.url
[2013/09/22 10:02:58 | 000,049,518 | ---- | C] () -- C:\Documents and Settings\user\Desktop\autoruns.chm
[2013/09/19 10:49:36 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\user\Desktop\WinRAR.lnk
[2013/09/18 10:40:02 | 000,002,360 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2013/09/04 15:09:13 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk
[2013/08/28 09:56:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\ipconfig
[2013/08/09 15:15:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\cls
[2013/02/27 17:29:55 | 000,327,914 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/27 17:29:55 | 000,327,914 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-412668190-839522115-1004-0.dat
[2013/02/19 15:31:57 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/09/21 20:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/07/07 10:40:26 | 000,000,241 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2012/02/15 10:36:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/09 14:43:50 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/02/14 09:25:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a03648
[2010/11/05 12:21:59 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a02524
[2010/10/23 17:06:48 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a04068
[2010/10/20 14:20:58 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\a01180
[2010/06/20 16:57:22 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\user\unzip.bat
[2010/06/08 09:53:49 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/20 12:39:31 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/07/20 12:39:31 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\ADC15840AC.sys
[2008/06/12 15:36:38 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/03/27 14:52:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

========== ZeroAccess Check ==========

[2010/04/16 11:14:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/08/01 06:17:51 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/12 15:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2013/02/27 10:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2013/02/27 10:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2013/02/27 10:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Encore
[2010/06/10 10:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/06/11 17:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/10 18:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/07/09 16:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steganos
[2010/06/11 10:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/25 09:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/03/20 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/02/26 16:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2010/06/26 11:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/02/27 10:40:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
[2009/11/03 14:28:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2011/08/08 16:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Acronis
[2013/02/27 10:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hoyle Card Games 2012
[2013/02/27 10:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hoyle FaceCreator
[2011/10/29 15:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IGC
[2012/09/09 14:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Image Zone Express
[2010/07/18 14:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InfraRecorder
[2008/07/21 10:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2011/10/15 15:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jigsaws Galore
[2013/04/17 16:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2008/06/11 17:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nuance
[2008/07/25 14:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Panasonic
[2011/11/11 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PDF Pro 10
[2008/03/30 12:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Printer Info Cache
[2010/02/10 18:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ScanSoft
[2008/04/19 10:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Steganos AntiSpam 2007
[2009/08/22 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\System Tweaker
[2010/05/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Trusteer
[2009/11/03 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF

< End of report >

ADW CLEANER LOG

# AdwCleaner v3.006 - Report created 03/10/2013 at 15:14:59
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - ROGER
# Running from : D:\Files_RSM\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v22.0 (en-GB)

[ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\8rpro5as.default\prefs.js ]


[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [11380 octets] - [30/08/2013 10:21:50]
AdwCleaner[R1].txt - [2234 octets] - [03/10/2013 15:13:41]
AdwCleaner[S0].txt - [11756 octets] - [30/08/2013 10:25:56]
AdwCleaner[S1].txt - [2140 octets] - [03/10/2013 15:14:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2200 octets] ##########

CHECKUP.TXT

Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
`````````Anti-malware/Other Utilities Check:`````````
CCleaner (remove only)
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox 22.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

#6
blmadara


    Trusted Helper

  • Malware Removal
  • 767 posts
Hi RogerMortimer,

Very many thanks for your help.


You're quite welcome!!

Step One: Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step Two: ESET Online Scanner

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is not checked.
  • Make sure that the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic

Step Three: Remaining Problems

Please let me know how your computer is running and what specific problems remain.

What I need in your next post:
1. The MBAM report.
2. The ESET log, C:\Program Files\EsetOnlineScanner\log.txt.
3. Let me know what problems remain.

#7
RogerMortimer


    Member

  • Topic Starter
  • Member
  • 45 posts
Step 1 Log.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.06.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: ROGER [administrator]

10/6/2013 3:13:36 PM
mbam-log-2013-10-06 (15-13-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202210
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\boot.inX (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Step 2 Log.

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1b7e2ab8a9adc74daaab9122665b024f
# engine=15374
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2013-10-06 02:45:06
# local_time=2013-10-06 04:45:06 (+0200, South Africa Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3592 16777213 100 93 101782 131733202 0 0
# scanned=81915
# found=9
# cleaned=0
# scan_time=3817
sh=DE33325E686C82C12DB1F95F39E94AC746F5B5B5 ft=1 fh=d789ebaae8b3bc52 vn="a variant of Win32/Somoto.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\Bundled software uninstaller\biclient.exe.vir"
sh=76039D5A64EF897B1AA388EED70452774019DB59 ft=1 fh=890f56b03e669e11 vn="Win32/Somoto.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\FilesFrog Update Checker\update_checker.exe.vir"
sh=0DE17AAE896F7C665DD147D03F88B93C5494F1FD ft=1 fh=2830c169101cc519 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir"
sh=536F9F8FA5C0E92B884616E545AE9CB7F93B9C60 ft=1 fh=4bff633d36d4e818 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir"
sh=DBCB2F6EDD55FAC1FFE42BD68FB4C6E6B1EE8B6B ft=1 fh=908c5f430aba1b1a vn="a variant of Win32/Somoto.A application" ac=I fn="D:\Files_RSM\Downloads\7ZipSetup.exe"
sh=D90FC14C15AE24531E64BF5525377687BB3B0CC5 ft=1 fh=9cdf2d56a01cd88f vn="Win32/InstalleRex.C application" ac=I fn="D:\Files_RSM\Downloads\PDFdownload.exe"
sh=4E368CFE4F538F5B51DE01759A7BA94756798BFC ft=1 fh=f37eec2c574c8da3 vn="a variant of Win32/Somoto.A application" ac=I fn="D:\Files_RSM\7ZipSetup.exe"
sh=84FBC21E10B4E45EA82C66F944F2AA6361CAE6DF ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="D:\_OTL\MovedFiles\10032013_142741\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8e5zyfhm.default\extensions\131\chrome\content\main.js"
sh=281911E9A332A6B2127EAE261A8CD1D1F97C4DDF ft=1 fh=6e53dded28b1fdf1 vn="a variant of Win32/AdWare.AddLyrics.T application" ac=I fn="D:\_OTL\MovedFiles\10032013_142741\C_Program Files\a2zlyr\131.dll"

Step 3.

I will follow up with any remaining problems after using for a few hours.

#8
blmadara


    Trusted Helper

  • Malware Removal
  • 767 posts
Hi RogerMortimer,

How is your computer behaving? Is it still rebooting on shutdown?

Congratulations, your logs appear clean again! Now we have some cleanup to do.


Clean up with OTL

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands 
    [Clearallrestorepoints] 
    [emptytemp]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the Cleanup button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Note: If any logs/tools remain on your desktop > right click and delete them.

Update Firefox

Your version of Firefox is not up to date. Download the latest version of Firefox here, save it to your desktop, and install it.


Preventative Programs

Microsoft XP Warning
The support for Windows XP with Service Pack 3 ends April 8, 2014. If you’re running Windows XP with Service Pack 3 (SP3) after support ends, to ensure that you will receive all important security updates for Windows, you need to upgrade to a later version, such as Windows 8. If you continue running XP your computer will not be secure.

Anti Spyware

I recommend updating and scanning with MalwareBytes Anti-Malware once a week to rid your system of spyware.


Anti-Virus Software Advice

Your anti-virus software, Norton 360, is set up to download and install updates as they become available. I also advise that you run a full scan weekly, to further protect yourself.

Temp File Cleaner

Finally, it is a good idea to clear out all your temp files every now and then. This will help keep your computer from slowing down and it can also assist in getting rid of files that may contain malicious code that could re-infect your computer.
  • TFC is a great tool to clean temporary files.

Update Windows

It is important to keep your operating system updated. To enable Automatic Updates so that updates are downloaded and installed automatically, click here.

Importance of Regular System Maintenance

I advise you to read both articles listed below. They are loaded with information that will help you keep your computer running well.

Help! My computer is slow!

What to do if your Computer is running slowly

Finally, to learn more about how to protect yourself while on the internet read How did I get infected?


I will keep this thread open for a few days, so if you have any further problems post another reply here.

#9
RogerMortimer


    Member

  • Topic Starter
  • Member
  • 45 posts
Remaining problems:-
1. Computer still restarts until power supply is removed.
2. Windows system restore does not work. There is a Revouninstallers restore point yesterday but after trying to restore (Just to check if it will) the message is "unable to restore".
3. On shutdown a box appears saying waiting for RUNDLL.EXE to shut down which takes about 20 seconds.

#10
blmadara


    Trusted Helper

  • Malware Removal
  • 767 posts
Hi RogerMortimer,

Step One: Create Restore Point

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following (Do not copy the word, "Quote")

    :Commands
    [Clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, until it is done
  • Reboot the computer and try and restore it using the restore point that was created in the above fix.
Note: If you are using the pro version or trial version of Malwarebytes 1.6 or higher please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.

Let me know if you were able to restore your computer using the newly created restore point.

Step Two: Safe Mode

Boot the computer into Safe Mode. Shut the computer down and let me know if it shuts down properly, or if it reboots.

What I need in your next post:
1. Let me know if you were able to restore your computer using the newly created restore point.
2. Let me know if your computer shut down properly from safe mode.

#11
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





