Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

New Malware problem [Closed]


  • This topic is locked This topic is locked

#1
RickMath

RickMath

    Member

  • Member
  • PipPipPip
  • 177 posts
Help

I am having a new problem. Somehow when trying to get Thunderbird cleaned up to ask for passwords a new program got installed. It was Search Protect. Now after a reboot it appears to be gone but my Thunderbird does not download email or ask for a password. I am blocked from removing the Search protect.

Here is the OTL log.

Hopefully we can get this resolved.

Thanks

++++++++++++++++++++++++++++++++++++++++++++++++++

OTL logfile created on: 12/14/2013 10:07:01 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 55.22% Memory free
11.55 Gb Paging File | 10.73 Gb Available in Paging File | 92.91% Paging File free
Paging file location(s): C:\pagefile.sys 10000 20000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 435.28 Gb Total Space | 359.37 Gb Free Space | 82.56% Space Free | Partition Type: NTFS
Drive D: | 30.47 Gb Total Space | 23.54 Gb Free Space | 77.26% Space Free | Partition Type: FAT32
Drive F: | 3.72 Gb Total Space | 3.48 Gb Free Space | 93.56% Space Free | Partition Type: FAT32
Drive H: | 375.74 Gb Total Space | 222.96 Gb Free Space | 59.34% Space Free | Partition Type: NTFS
Drive I: | 180.00 Gb Total Space | 179.93 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: REMARK2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/15 22:26:53 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/08 06:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
PRC - [2013/10/05 22:27:28 | 000,129,424 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
PRC - [2013/10/01 07:23:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/16 20:13:28 | 000,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005/09/01 12:11:52 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 22:26:52 | 003,363,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/10 21:49:37 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/10/10 21:49:32 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/10/10 21:49:31 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/10/10 21:48:33 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/10/10 21:48:32 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/10/10 21:48:30 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/10/10 21:48:29 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/10/10 21:48:28 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/10/10 21:48:26 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/10/10 21:48:20 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/10/10 21:34:01 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\46863d4abf7db3e009962abc8710c945\System.Runtime.Remoting.ni.dll
MOD - [2013/10/10 21:19:11 | 006,817,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll
MOD - [2013/10/10 21:19:01 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 21:18:32 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/10 21:17:20 | 007,070,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/08/14 10:01:09 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/14 09:59:06 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/14 09:58:54 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/14 08:17:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/14 08:08:46 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 08:08:04 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 08:07:39 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/14 07:59:17 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/10 10:25:34 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/10 10:18:01 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/11 11:50:53 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/04/11 11:50:53 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/04/11 11:50:50 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/04/11 11:50:50 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/04/11 11:50:50 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/04/11 11:50:50 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/04/11 11:50:50 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/04/11 11:50:49 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/04/11 11:50:48 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/04/11 11:50:48 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/04/11 11:50:48 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/01/15 01:01:30 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/15 01:01:29 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/01/15 01:01:28 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/01/15 01:01:26 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/15 01:01:25 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/15 01:01:25 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/15 01:01:23 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/01/15 01:01:21 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/15 01:01:21 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/15 01:01:21 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/03/16 08:37:34 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/03/16 08:37:34 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/03/16 08:37:33 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/03/16 08:37:33 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/03/16 08:37:32 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/03/16 08:37:32 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/15 09:41:21 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/01/31 21:50:17 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/01/31 21:50:16 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/01/31 17:00:06 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/01/31 17:00:04 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/01/31 17:00:00 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/01/31 16:59:59 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/01/31 16:59:59 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/01/31 16:59:59 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/10 14:57:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/15 22:26:52 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 06:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\21.1.0.18\NAV.exe -- (NAV)
SRV - [2013/10/05 22:27:28 | 000,129,424 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe -- (NCO)
SRV - [2012/10/01 02:22:06 | 000,295,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/08/24 11:17:12 | 000,772,488 | ---- | M] (Panopto) [Auto | Stopped] -- C:\Program Files\Panopto\Focus Recorder\Recorder.exe -- (PanoptoRecorderService)
SRV - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/05/05 20:15:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/30 10:27:22 | 000,558,592 | ---- | M] (ReaSoft) [On_Demand | Stopped] -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe -- (rcp_service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/16 20:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Disabled | Stopped] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/09/01 12:11:52 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2013/12/14 18:28:17 | 000,382,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/12/03 13:27:33 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/11/23 08:31:17 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/23 08:31:17 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/19 23:41:44 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/11/19 01:00:00 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131214.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/11/19 01:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131214.005\NAVENG.SYS -- (NAVENG)
DRV - [2013/09/27 14:23:30 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NST\7DE06000.01B\ccSetx86.sys -- (ccSet_NST)
DRV - [2013/09/26 22:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 21:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 22:28:00 | 000,421,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\symtdi.sys -- (SYMTDI)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\ccSetx86.sys -- (ccSet_NAV)
DRV - [2013/09/09 21:47:42 | 000,047,960 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2013/09/09 21:47:42 | 000,047,960 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/02/04 10:59:46 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/09/18 04:33:00 | 000,043,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012/09/18 04:33:00 | 000,039,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012/09/18 04:32:56 | 000,043,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2012/09/18 04:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2012/09/18 04:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/06/30 03:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/03/17 22:51:26 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2007/03/17 22:51:26 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/03/17 22:46:34 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2006/06/14 04:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/09/01 14:27:45 | 000,014,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2005/09/01 14:24:44 | 001,081,856 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2005/09/01 14:20:51 | 000,022,528 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/09/01 12:11:52 | 001,912,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/09/01 12:11:52 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/09/01 12:09:28 | 002,169,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\..\SearchScopes,DefaultScope = {9F85C4A4-49F4-4306-8888-9E5C14D92230}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.net/
IE - HKCU\..\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9F85C4A4-49F4-4306-8888-9E5C14D92230}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{9F85C4A4-49F4-4306-8888-9E5C14D92230}: "URL" = http://search.condui...6141397254&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "att.net"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013/11/23 07:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ [2013/12/14 22:05:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/15 22:26:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.3.1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2007/03/18 07:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.3.1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/05/11 21:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/05/11 21:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/12/14 21:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rz3wieaw.default\extensions
[2013/12/14 21:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rz3wieaw.default\extensions\[email protected]
[2007/03/18 07:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Sunbird\Profiles\9no5krhu.default\extensions
[2013/11/15 22:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/15 22:26:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/11/15 22:26:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/15 22:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 22:26:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2007/11/13 00:10:57 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Connect DLC 5 Toolbar) - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} - C:\Program Files\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE ()
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://my.att.net/ (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://my.att.net (Windows Genuine Advantage Validation Tool)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://196.168.1.101/VatDec.cab (VatCtrl Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1173557680015 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} http://196.168.1.102/xplugLiteDL.cab (Gif89 Lite Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://mobilecountym...s/acgm/acgm.cab (ActiveCGM Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80443072-5384-4D29-A197-604ECE8884D8}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99428022-E604-4953-9CA3-1A907533A46A}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ccf9f728-e005-11dd-92d2-0018f301bf81}\Shell - "" = AutoRun
O33 - MountPoints2\{ccf9f728-e005-11dd-92d2-0018f301bf81}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ccf9f728-e005-11dd-92d2-0018f301bf81}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/14 21:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Old Firefox Data
[2013/12/14 20:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/12/14 20:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/12/14 20:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\SearchProtect
[2013/12/14 20:24:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2013/12/14 20:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Thunderbird Fix It
[2013/12/14 20:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\100dof_thunderbird_fix_it
[2013/12/14 20:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Connect_DLC_5
[2013/12/14 20:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Conduit
[2013/12/14 20:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/12/14 20:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Connect_DLC_5
[2013/12/14 20:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/12/11 00:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/12/05 22:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoCAD R14
[2013/12/05 22:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD R14
[2013/12/05 14:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\RF Kitchen
[2013/12/04 20:10:44 | 013,067,608 | ---- | C] (Respondus, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\respondus4campus_2.exe
[2013/12/04 17:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Rena Medical Forms
[2013/11/29 22:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Mobile Property
[2013/11/26 18:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Renee Understanding
[2013/11/23 18:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/23 18:12:30 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Compaq_Owner\Desktop\esetsmartinstaller_enu.exe
[2013/11/23 08:11:29 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Compaq_Owner\Desktop\JRT_NEW.exe
[2013/11/23 07:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCOTEMP
[2013/11/23 07:29:34 | 000,127,064 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DE06000.01B\ccSetx86.sys
[2013/11/23 07:29:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST
[2013/11/23 07:29:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DE06000.01B
[2013/11/23 07:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2013/11/23 07:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
[2013/11/23 07:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2013/11/23 07:25:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/17 12:55:26 | 001,243,680 | ---- | C] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2013/11/17 05:01:55 | 000,000,000 | ---D | C] -- C:\NTFS 1
[2013/11/17 03:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Data Recovery Wizard 6.1
[2013/11/17 03:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2013/11/15 22:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/15 00:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\HP
[2013/11/15 00:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Albums
[2013/11/15 00:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\HP
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/14 22:07:36 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/12/14 22:06:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/14 22:05:00 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013/12/14 22:04:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/14 22:04:11 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/14 21:57:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/14 21:22:35 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/14 20:09:40 | 000,000,009 | ---- | M] () -- C:\END
[2013/12/10 21:48:19 | 000,377,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/10 20:57:13 | 000,758,577 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1501000.012\Cat.DB
[2013/12/10 18:31:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/10 14:57:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/10 14:57:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/06 21:54:27 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2013/12/06 13:22:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/06 11:45:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/12/05 22:19:08 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD R14.lnk
[2013/12/04 20:12:17 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Respondus 4.0 Campus-Wide.lnk
[2013/12/04 20:11:07 | 013,067,608 | ---- | M] (Respondus, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\respondus4campus_2.exe
[2013/12/03 13:41:28 | 000,891,200 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\securitycheck.exe
[2013/11/25 18:31:37 | 000,020,410 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1501000.012\VT20131125.019
[2013/11/24 12:00:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/11/23 18:12:45 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Compaq_Owner\Desktop\esetsmartinstaller_enu.exe
[2013/11/23 08:01:26 | 001,085,542 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
[2013/11/23 07:28:23 | 000,002,092 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2013/11/21 08:40:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2013/11/19 23:41:44 | 000,142,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/11/19 23:41:44 | 000,008,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/11/19 23:41:44 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/11/18 22:24:31 | 000,000,281 | ---- | M] () -- C:\boot.ini
[2013/11/17 12:56:45 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2013/11/17 12:55:26 | 001,243,680 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2013/11/17 04:53:52 | 001,839,541 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Renee pictures.rsf
[2013/11/17 03:03:26 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Data Recovery Wizard 6.1.lnk
[2013/11/14 23:21:02 | 000,963,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/14 23:21:02 | 000,276,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/14 20:07:13 | 000,000,009 | ---- | C] () -- C:\END
[2013/12/05 22:19:08 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD R14.lnk
[2013/12/04 20:12:17 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Respondus 4.0 Campus-Wide.lnk
[2013/12/03 13:41:28 | 000,891,200 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\securitycheck.exe
[2013/11/23 08:01:25 | 001,085,542 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
[2013/11/23 07:29:24 | 000,000,829 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DE06000.01B\ccSetx86.inf
[2013/11/23 07:29:23 | 000,008,194 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DE06000.01B\ccSetx86.cat
[2013/11/23 07:29:23 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DE06000.01B\isolate.ini
[2013/11/17 12:55:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.let
[2013/11/17 04:53:52 | 001,839,541 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Renee pictures.rsf
[2013/11/17 03:03:26 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Data Recovery Wizard 6.1.lnk
[2013/04/23 16:03:59 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.smartpls
[2013/02/04 10:59:46 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/10/25 19:37:25 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2012/10/25 19:37:25 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2012/07/08 14:56:27 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/04/02 19:58:07 | 004,456,222 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-410384743-1110348229-2040147953-1008-0.dat
[2012/04/02 19:58:03 | 000,341,550 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/02 07:51:37 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2010/10/14 21:43:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/07/25 15:51:52 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\webct_upload_applet.properties
[2008/12/01 23:12:18 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2008/11/09 10:28:56 | 000,037,226 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Snapshot.jpg
[2007/03/14 00:16:05 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2007/03/10 13:33:13 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\WT61UK.UWL
[2007/03/10 13:33:13 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\WT61OZ.UWL
[2007/03/10 13:33:13 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\WT61CE.UWL
[2007/03/10 13:33:12 | 000,008,260 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\WT61US.UWL
[2007/03/10 12:03:50 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/08/01 13:11:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

Advertisements


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,911 posts
Hi RickMath, :)

:welcome:

My name is Valinorum and I will be your helper today. Before we proceed, please, acknowledge yourself the following(s):

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Privet Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

Why have you run OTL.exe seven times? Were there any issues? Post the Extras.txt generated by OTL.exe on its first run. It is located in C:\Documents and Settings\Compaq_Owner\Desktop.

 

  • Step #1 Scan with Security Check
    • Download Security Check by screen317 to your Desktop from any of the following location;
    • Link 1
    • Link 2
  • Right click on the program and choose Run as Administrator;
  • After the checking a log will appear;
  • Copy and Paste the content of the log in your next reply.

 

  • Required Log(s):
  • Security Check Log;
  • Extras.txt

Regards,
Valinorum
  • 0

#3
RickMath

RickMath

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts
Thanks for responding.

I cannot find the extras.txt file. Should I run otl again. the old files were for a previous problem.

Here is the security check log.

Results of screen317's Security Check version 0.99.77
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Online Scanner v3
Norton AntiVirus
`````````Anti-malware/Other Utilities Check:`````````
Windows Defender
CCleaner
Java version out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (25.0.1)
Mozilla Thunderbird (It..)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Norton AntiVirus Norton AntiVirus Engine 21.1.0.18\NAV.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````
  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,911 posts
Hi RickMath, :)

  • Step #2 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :OTL
    IE - HKCU\..\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes\{9F85C4A4-49F4-4306-8888-9E5C14D92230}: "URL" = http://search.condui...6141397254&UM=2
    O2 - BHO: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Connect DLC 5 Toolbar) - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} - C:\Program Files\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
    [2013/12/14 20:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Connect_DLC_5
    [2013/12/14 20:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Conduit
    [2013/12/14 20:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
    [2013/12/14 20:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Connect_DLC_5
    [2013/11/23 18:12:30 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Compaq_Owner\Desktop\esetsmartinstaller_enu.exe
    [2013/11/23 08:11:29 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Compaq_Owner\Desktop\JRT_NEW.exe
    [2013/11/23 08:01:25 | 001,085,542 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe

    :Commands
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

  • Step #2 Fix with AdwCleaner
    Download : ADWCleaner to your desktop.

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.

    Posted Image

    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S0].txt

 

  • Step #3 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link
  • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
  • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
  • Please be patient as the tool cleans your system;
  • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 

  • Step #4 Scan with OTL
  • Re-run OTL;
  • Copy and Paste the following code inside the Custom Scans/Fixes box;
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • From the Extra Registry option, choose Use Safe List;
  • Click the Run Scan button;
  • After the scan two logs will be produced;
  • Copy and paste the content of the logs in your next reply

 

  • Required Log(s):
  • OTL Fix Log;
  • AdwCleaner Log;
  • Junkware Removal Tool Log;
  • OTL Log(s) --
  • OTL.txt;
  • Extras.txt
[/list]
Regards,
Valinorum
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP