
Posted

Hello, I opened Task Manager to see if something was causing my machine to run sluggishly and I noticed HelpPane.exe was using about 50% CPU. SpyBot found W3i.IQ5.fraud when I did a scan a few days ago and I'm not sure whether it would have caused this. I checked the properties of HelpPane.exe and it all looked legit... Firefox runs slowly and IE runs a tad faster but freezes and gives me a script error asking if I want to continue or stop running the script.

 

Thank you


Posted

Hi and welcome to ExTS

 

HelpPane is a non-system Windows process.

From what I have read it is not considered to be CPU intensive.

If you are experiencing 50% CPU usage it could be malware related.

 

Spybot is not the software of choice for our Security Experts.

 

Download MBAM from here: click on Products - you want the free version.

http://www.malwarebytes.org/

 

Install > Update > Run it

 

It will produce a log in Notepad.

Copy this and paste it here.

 

One of our security experts will advise you further. Please be patient - they are extremely busy.

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

 


Posted

Malwarebytes' Anti-Malware 1.51.2.1300

http://www.malwarebytes.org

 

Database version: 911122404

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19088

 

12/24/2011 10:32:41 AM

mbam-log-2011-12-24 (10-32-41).txt

 

Scan type: Quick scan

Objects scanned: 156597

Time elapsed: 4 minute(s), 37 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Posted

Hi Jess72

 

Malwarebytes' Anti-Malware 1.51.2.1300

 

Database version: 911122404

The version of MBAM and the database you are using are out of date.

 

Please update MBAM before running another scan:

Start MBAM

Click on the Update tab

 

http://img.photobucket.com/albums/v708/starbuck50/new/mbamnew.png

 

Click Check for Updates

 

The latest Version/Database is: Malwarebytes' Anti-Malware 1.60.0.1800

 

Database version: v2012.01.01.01

 

If it says that MBAM needs to close to update it... let it close and then restart.

Once the program has restarted, click 'check for updates' again to ensure you have the latest database version.

Then click the Scan button.

 

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Member of:

UNITE

Posted

Ok, I updated and ran the scan.

 

Malwarebytes Anti-Malware 1.60.0.1800

http://www.malwarebytes.org

 

Database version: v2011.12.24.05

 

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 8.0.6001.19088

Ed Downey :: DOWNEY-PC [administrator]

 

1/1/2012 10:59:10 AM

mbam-log-2012-01-01 (10-59-10).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 311642

Time elapsed: 1 hour(s), 26 minute(s), 12 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckynugget (PUP.Casino.Gen) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 2

C:\Microgaming\Casino\LuckyNugget\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.

C:\Users\Ed Downey\Documents\luckynugget.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.

 

(end)

Posted

Hi Jess72

 

If your system is still running slow, try this:

 

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

If it's still running slow after that, let us know and we'll get some more scans done and see if anything gets thrown up.

Member of:

UNITE

Posted

I ran TFC and it cleaned about 100 MB of temp files. The system still seems the same. I'm noticing high CPU usage when I run IE, 90% at times. I don't know if this means anything, but when I minimize the browser window to the taskbar, the CPU usage drops very low, to around 7%, then goes back up to 80% when the window is maximized. Not sure if this means anything?

 

Thank you all for the help

Posted

"I ran TFC and it cleaned about 100 MB of temp files"

That's not a lot and shouldn't have caused any problems.

 

Let's see if OTL can throw up any reason for this:

 

  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.
    If you have problems, try this download link: OTL
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

 

Thanks

Member of:

UNITE
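As an added example (not part of this thread or of OTL itself), the Python script below shows how a helper reads the registry section of an OTL log: it parses the IE/O2/O3/O4/O9 lines, separates dead references ("No CLSID value found", "File not found") from files that carry no company name, and uses a constructed subset of the lines from the OTL log posted in the next reply as sample input. The status labels and advice strings are my own, not OTL terminology.

```python
"""Triage helper for the 'Standard Registry' lines in an OTL log.

Each line names a registry hook (BHO, toolbar, Run key, URL search hook) and
ends with the referenced file followed by its company name in parentheses.
Two patterns deserve a second look: references whose target no longer exists
(leftovers of removed software, cleanup candidates) and files whose company
name is empty "()", which should be checked against a known-good signature.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the registry lines from the OTL log in this thread.
SAMPLE_OTL = r"""
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
"""

ORPHAN_MARKERS = ("No CLSID value found", "File not found")
LINE_RE = re.compile(r"^(?P<tag>IE|O\d{1,2}) - (?P<body>.+)$")
# Trailing "(Company Name)" that OTL appends after the file path; may be empty.
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\.?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH_RE = re.compile(r"(?i)[a-z]:\\[^()]*?\.(?:exe|dll|sys)")


@dataclass
class Entry:
    tag: str                   # OTL section code, e.g. "O2" for a BHO
    body: str                  # remainder of the line after "Oxx - "
    clsid: Optional[str]       # GUID named on the line, if any
    path: Optional[str]        # referenced binary, if any
    publisher: Optional[str]   # company name OTL printed, if non-empty
    status: str                # "orphan", "no-publisher" or "ok" (labels are mine)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL registry line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tag, body = m.group("tag"), m.group("body")
    clsid_m = CLSID_RE.search(body)
    path_m = PATH_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else None
    path = path_m.group(0) if path_m else None
    if any(marker in body for marker in ORPHAN_MARKERS):
        # The registry points at a CLSID or file that no longer exists.
        return Entry(tag, body, clsid, path, None, "orphan")
    pub_m = PUBLISHER_RE.search(body)
    publisher = pub_m.group("pub").strip() if pub_m else ""
    status = "ok" if publisher else "no-publisher"
    return Entry(tag, body, clsid, path, publisher or None, status)


def triage(log_text: str) -> Dict[str, List[Entry]]:
    """Group every parsable registry line by its triage status."""
    groups: Dict[str, List[Entry]] = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            groups[entry.status].append(entry)
    return dict(groups)


def report(log_text: str) -> str:
    """Human-readable summary: what to clean up and what to verify by hand."""
    groups = triage(log_text)
    advice = (
        ("orphan", "dead reference, cleanup candidate"),
        ("no-publisher", "no company name, verify the file's signature"),
        ("ok", "publisher present, still confirm it is expected"),
    )
    lines = []
    for status, note in advice:
        for e in groups.get(status, []):
            lines.append(f"[{status:12}] {e.tag:3} {e.path or e.clsid or '-'}  ({note})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_OTL))
```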

Posted

OTL logfile created on: 1/2/2012 10:10:28 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ed Downey\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 56.93% Memory free

3.99 Gb Paging File | 3.00 Gb Available in Paging File | 75.24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 291.83 Gb Total Space | 212.20 Gb Free Space | 72.71% Space Free | Partition Type: NTFS

Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.06% Space Free | Partition Type: NTFS

 

Computer Name: DOWNEY-PC | User Name: Ed Downey | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Ed Downey\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Windows\System32\dlcxcoms.exe ( )

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

 

 

========== Modules (No Company Name) ==========

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

SRV - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120102.018\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120102.018\NAVENG.SYS (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvix86.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)

DRV - (SYMTDIv) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)

DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)

DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

DRV - (EN1046) -- C:\Windows\System32\drivers\EN1046.sys (F=ma Network)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://muscatinejournal.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com"

FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6031.2010.0122.2102

FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:7000.2010.1020.1412

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4

FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6

FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ed Downey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/10/08 08:03:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_4_3 [2012/01/02 13:47:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/07 22:31:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/16 17:53:54 | 000,000,000 | ---D | M]

 

[2010/07/06 19:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed Downey\AppData\Roaming\Mozilla\Extensions

[2010/07/06 19:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed Downey\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

[2011/12/31 12:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed Downey\AppData\Roaming\Mozilla\Firefox\Profiles\0drkc7vu.default\extensions

[2011/04/29 08:23:24 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\Ed Downey\AppData\Roaming\Mozilla\Firefox\Profiles\0drkc7vu.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}

[2011/12/07 22:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/01/02 13:47:26 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_4_3

[2011/10/08 08:03:50 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN

() (No name found) -- C:\USERS\ED DOWNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DRKC7VU.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

() (No name found) -- C:\USERS\ED DOWNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DRKC7VU.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI

[2010/01/23 03:01:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/12/07 22:31:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/09/30 12:47:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/07 22:31:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

 

O1 HOSTS File: ([2011/06/15 09:29:20 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)

O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} C:\Users\EDDOWN~1\AppData\Local\Temp\f5tmp\cachecleaner.cab (F5 Networks CacheCleaner)

O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\EDDOWN~1\AppData\Local\Temp\f5tmp\InstallerControl.cab (F5 Networks Auto Update)

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.207.0.3 66.207.0.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6500A081-25B8-49A2-9865-73A9D7E5FDC3}: DhcpNameServer = 66.207.0.3 66.207.0.2

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Ed Downey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Ed Downey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/01/19 13:13:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\Shell - "" = AutoRun

O33 - MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe

O33 - MountPoints2\{e615d589-7e9f-11df-a86c-001a9248ae3d}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/02 22:07:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ed Downey\Desktop\OTL.exe

[2012/01/02 13:43:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Ed Downey\Desktop\TFC.exe

[2012/01/01 12:23:01 | 000,000,000 | ---D | C] -- C:\Users\Ed Downey\Desktop\Ed's payroll

[2011/12/16 19:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZW Software Upgrade Assistant - LG

[2011/12/16 19:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX

[2011/12/16 19:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics

[2006/11/03 17:07:06 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe

[2006/11/03 17:07:04 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe

[2006/11/03 17:07:02 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe

[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll

[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll

[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll

[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll

[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll

[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll

[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll

[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll

[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll

[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll

[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/02 22:09:45 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{995C6DC9-287E-4A56-8C13-4B91434ACEC2}.job

[2012/01/02 21:47:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/02 21:47:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/02 17:29:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job

[2012/01/02 13:52:23 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/01/02 13:52:23 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/01/02 13:47:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/02 13:46:57 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/31 13:07:04 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/31 11:30:15 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat

[2011/12/31 11:30:15 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat

[2011/12/31 11:07:25 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2011/12/31 11:07:22 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

[2011/12/24 10:39:28 | 000,022,446 | ---- | M] () -- C:\Users\Ed Downey\Documents\cc_20111224_103832.reg

[2011/12/23 21:48:50 | 000,000,223 | ---- | M] () -- C:\Users\Ed Downey\Desktop\xbox gamertag.rtf

[2011/12/21 12:05:35 | 000,398,516 | ---- | M] () -- C:\Users\Ed Downey\Documents\Downey (1).pdf

[2011/12/19 13:21:12 | 000,007,040 | ---- | M] () -- C:\Users\Ed Downey\Documents\Your refinance.eml

[2011/12/16 19:18:38 | 000,000,065 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini

[2011/12/15 12:25:30 | 000,001,326 | ---- | M] () -- C:\Users\Ed Downey\Documents\auto loan quote bofa.rtf

[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/12/07 10:49:15 | 000,000,456 | ---- | M] () -- C:\Users\Ed Downey\Documents\uptown.rtf

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/12/31 13:07:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/31 11:07:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2011/12/31 11:07:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2011/12/24 10:38:38 | 000,022,446 | ---- | C] () -- C:\Users\Ed Downey\Documents\cc_20111224_103832.reg

[2011/12/21 12:05:38 | 000,398,516 | ---- | C] () -- C:\Users\Ed Downey\Documents\Downey (1).pdf

[2011/12/19 13:21:10 | 000,007,040 | ---- | C] () -- C:\Users\Ed Downey\Documents\Your refinance.eml

[2011/12/16 19:18:36 | 000,000,065 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini

[2011/12/14 23:48:43 | 000,001,326 | ---- | C] () -- C:\Users\Ed Downey\Documents\auto loan quote bofa.rtf

[2011/12/11 19:34:21 | 000,000,223 | ---- | C] () -- C:\Users\Ed Downey\Desktop\xbox gamertag.rtf

[2011/12/07 10:49:15 | 000,000,456 | ---- | C] () -- C:\Users\Ed Downey\Documents\uptown.rtf

[2011/05/12 13:06:00 | 000,001,940 | ---- | C] () -- C:\Users\Ed Downey\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/03/19 14:51:16 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2010/09/22 10:48:15 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2010/09/08 10:04:04 | 000,000,000 | ---- | C] () -- C:\Users\Ed Downey\AppData\Roaming\wklnhst.dat

[2010/04/24 18:48:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2010/04/24 18:48:22 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

[2010/04/24 18:47:59 | 000,000,223 | ---- | C] () -- C:\Windows\PowerReg.dat

[2010/03/23 02:01:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/03/23 02:01:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/01/21 11:00:21 | 000,013,312 | ---- | C] () -- C:\Users\Ed Downey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/19 13:07:32 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe

[2010/01/19 13:02:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll

[2010/01/19 13:02:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll

[2006/11/09 08:19:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 06:47:37 | 000,279,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/10/28 10:31:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll

[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll

[2006/10/20 20:06:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll

[2006/10/20 20:03:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll

[2006/10/20 19:57:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll

[2006/10/20 19:56:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll

[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll

[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll

[2006/10/20 19:48:38 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll

[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll

[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll

[2006/09/06 06:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll

[2006/08/11 01:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/08/11 01:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll

[2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll

[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll

[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

 

========== LOP Check ==========

 

[2011/10/19 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\Fighters

[2011/08/31 16:32:11 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\FreeFileViewer

[2010/07/23 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\Philipp Winterberg

[2010/07/06 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\TomTom

[2011/03/10 19:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\WeatherBug

[2010/07/21 21:41:11 | 000,000,000 | ---D | M] -- C:\Users\Ed Downey\AppData\Roaming\WildTangent

[2012/01/02 17:29:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job

[2012/01/02 13:46:06 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/01/02 22:09:45 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{995C6DC9-287E-4A56-8C13-4B91434ACEC2}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2012/01/02 13:46:56 | 000,010,300 | ---- | M] () -- C:\aaw7boot.log

[2010/01/19 13:13:45 | 000,000,074 | ---- | M] () -- C:\autoexec.bat

[2008/01/18 22:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr

[2010/01/19 12:52:18 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2012/01/02 13:46:57 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/14 19:31:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011/04/14 19:31:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2012/01/02 13:46:56 | 2325,549,056 | -HS- | M] () -- C:\pagefile.sys

[2010/01/19 13:07:34 | 000,000,402 | ---- | M] () -- C:\RHDSetup.log

[2011/03/19 14:55:43 | 000,299,558 | ---- | M] () -- C:\scramble.log

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/10/20 01:33:28 | 000,117,760 | ---- | M] () -- C:\Windows\system32\Spool\prtprocs\w32x86\dlcxdrpp.dll

[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %PROGRAMFILES%\* >

[2010/03/21 13:54:45 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/07 22:31:30 | 000,713,600 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/07 22:31:31 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 805 bytes -> C:\Users\Ed Downey\Documents\Your refinance.eml:OECustomProperty

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C22674B6

 

< End of report >

 

 

OTL Extras logfile created on: 1/2/2012 10:10:28 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ed Downey\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 56.93% Memory free

3.99 Gb Paging File | 3.00 Gb Available in Paging File | 75.24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 291.83 Gb Total Space | 212.20 Gb Free Space | 72.71% Space Free | Partition Type: NTFS

Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.06% Space Free | Partition Type: NTFS

 

Computer Name: DOWNEY-PC | User Name: Ed Downey | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04765613-15CB-4624-8832-04D131E5ABB9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{15D6B308-BFAE-46D1-A4CA-D0BF9F1B9059}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{232297C2-6510-440C-90C9-730F61C05268}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |

"{3B1FD089-DEA4-4AEA-AFB8-2E368087EBC6}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{464843FA-1983-466A-A0AA-F311C1DB3D86}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{4F9DAE31-E0CB-41E0-98BD-A1E9CD1C90EC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{5F787E9C-C418-4F29-9EF1-024EF14CDD4B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{6956EB94-5274-441A-9B29-CC60F7E4C409}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{6B83DA01-4A57-4BEF-8F67-9099EFA72C17}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{745FF233-7384-40E0-BD8D-49705CE651BA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{75DCAAF4-CD9B-4958-92DA-2D4B0ECAD004}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{7CFC10F7-DDFD-4B0A-80F1-5DA4312B53AB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{96352AF4-D3A6-4AF5-B19F-BF2625C07AFC}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |

"{9A810DA8-FB74-4862-A253-813C70987579}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe |

"{ABA4E752-864E-44D9-9263-82CC54BB03AE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{D8A00579-6A09-4E91-98F8-5C354BAE9DD6}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |

"{F53A094E-0D84-4061-9528-141BCDD82C37}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 25

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Battleship - Fleet Command" = Battleship - Fleet Command (remove only)

"BFGC" = Big Fish Games Client

"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™

"CCleaner" = CCleaner

"Cisco Connect" = Cisco Connect

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"Free RAR Extract Frog" = Free RAR Extract Frog

"FreeFileViewer_is1" = Free File Viewer 2011

"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"N360" = Norton 360

"NetDevil_LEGO_Universe_is1" = LEGO Universe

"NVIDIA Drivers" = NVIDIA Drivers

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"PokerStars" = PokerStars

"TomTom HOME" = TomTom HOME 2.7.5.2014

"Trusted Software Assistant_is1" = File Type Assistant

"WildTangent hpdesktop Master Uninstall" = My HP Games

"Zuma Deluxe" = Zuma Deluxe

"Zune" = Zune

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

"UnityWebPlayer" = Unity Web Player

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 11/14/2011 7:37:02 PM | Computer Name = Downey-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp

0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,

exception code 0xc0000005, fault offset 0x000678d8, process id 0x1368, application

start time 0x01cca32343f709e0.

 

Error - 11/21/2011 2:18:23 PM | Computer Name = Downey-PC | Source = Application Error | ID = 1000

Description = Faulting application ccSvcHst.exe, version 10.1.1.16, time stamp 0x4daa1893,

faulting module APPMGR32.DLL, version 18.6.0.29, time stamp 0x4dba03e8, exception

code 0xc0000005, fault offset 0x000154e0, process id 0xaf0, application start time

0x01cc8e74a3fd732d.

 

Error - 11/23/2011 5:13:52 PM | Computer Name = Downey-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.19088 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1dc0 Start Time: 01ccaa1bf188d850 Termination Time: 11

 

Error - 11/24/2011 3:01:27 AM | Computer Name = Downey-PC | Source = VSS | ID = 12289

Description =

 

Error - 11/24/2011 3:01:27 AM | Computer Name = Downey-PC | Source = System Restore | ID = 8193

Description =

 

Error - 11/24/2011 3:01:27 AM | Computer Name = Downey-PC | Source = System Restore | ID = 8210

Description =

 

Error - 12/3/2011 6:41:10 PM | Computer Name = Downey-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 12/4/2011 1:11:05 PM | Computer Name = Downey-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 12/9/2011 1:32:24 PM | Computer Name = Downey-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.19088 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 67c Start Time: 01ccb697fe8bfdb0 Termination Time: 0

 

Error - 12/16/2011 9:16:29 PM | Computer Name = Downey-PC | Source = VSS | ID = 8194

Description =

 

[ Media Center Events ]

Error - 2/1/2011 4:07:16 PM | Computer Name = Downey-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

[ System Events ]

Error - 12/28/2011 1:13:54 AM | Computer Name = Downey-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.110 for the Network Card with network

address 001A9248AE3D has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

 

Error - 1/1/2012 2:29:05 PM | Computer Name = Downey-PC | Source = HTTP | ID = 15016

Description =

 

Error - 1/1/2012 2:30:40 PM | Computer Name = Downey-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 1/1/2012 5:47:15 PM | Computer Name = Downey-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 3:18:59 PM on 1/1/2012 was unexpected.

 

Error - 1/1/2012 5:47:18 PM | Computer Name = Downey-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.110 for the Network Card with network

address 001A9248AE3D has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

 

Error - 1/1/2012 5:47:19 PM | Computer Name = Downey-PC | Source = HTTP | ID = 15016

Description =

 

Error - 1/1/2012 5:48:49 PM | Computer Name = Downey-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 1/2/2012 3:43:36 PM | Computer Name = Downey-PC | Source = Service Control Manager | ID = 7034

Description =

 

Error - 1/2/2012 3:47:06 PM | Computer Name = Downey-PC | Source = HTTP | ID = 15016

Description =

 

Error - 1/2/2012 3:48:41 PM | Computer Name = Downey-PC | Source = Service Control Manager | ID = 7000

Description =

 

 

< End of report >

Posted

Hi Jess72

 

Well there's nothing in the way of malware showing in the reports.

There are a couple of things we can address, but apart from that I can only make a few recommendations:

 

Recommendation.

Spybot Search & Destroy and Ad-Aware are both 'old hat' now.

Neither of these programs will do as good a job or be updated as regularly as MBAM will.

Apart from Norton 360 you also have Windows Defender running, so that is another reason that Spybot and Ad-Aware are not needed (too much security is just as bad as too little).

The more security programs you have running, the greater the chance of conflicts.

I honestly don't know of many people who would recommend Norton 360 as a preferred AV solution.

It does slow down your system to a certain extent and will also add 'crapware' to your system (which is unforgivable for a paid AV).

This will explain things better:

http://www.techradar.com/reviews/pc-mac/software/utilities/anti-malware-software/symantec-norton-360-v5-940919/review

 

I personally run MS Security Essentials on all my systems now and have never had any problems at all.

Other alternatives are:

Avira AntiVir

Avast free

Both of which I have used in the past.

 

Like I say, these are only recommendations, as what you run on your system is up to you.

 

To tidy up the report:

 

Step 1

Double click on OTL to run it.

Copy the lines in the codebox below (make sure that :otl is on the first line).

:otl
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\Shell - "" = AutoRun
O33 - MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{e615d589-7e9f-11df-a86c-001a9248ae3d}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C22674B6

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

 

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 2 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 2".
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Select 'Windows x86 offline' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586-p.exe to install the newest version.

In your next reply, please submit:

OTL fix report.

 

I'm more than happy to keep digging deeper if you want.

Thanks.

Member of:

UNITE
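The fix script above removes three kinds of leftovers: O33 MountPoints2 AutoRun commands recorded for removable drives, an alternate data stream on C:\ProgramData\TEMP, and a HOSTS file that [RESETHOSTS] replaces. The following is an added example, not code from the thread or from OTL, that reviews the same three locations read-only so a helper can see what is there before a fix and confirm it is gone afterwards. It assumes PowerShell 3.0 or later (for -Stream and [pscustomobject]) and an elevated prompt; the folder path is the one from the log.

```powershell
# Added example, not from the thread or OTL: read-only checks for the leftovers
# the OTL fix above removes. Requires PowerShell 3.0+, run as Administrator.

# 1. Per-user MountPoints2 AutoRun commands. Explorer records the autorun.inf
#    launch command of every removable drive it has seen here; OTL lists them
#    as O33 entries. An entry whose target is no longer on disk is stale (OTL
#    reported "File J:\TL_Bootstrap.exe not found" for that reason); one whose
#    target still exists deserves a look.
function Get-MountPointAutoRun {
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = Join-Path -Path $mp -ChildPath "$($_.PSChildName)\Shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            # Executable part of the command: a quoted path, or the first token.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            [pscustomobject]@{
                Volume       = $_.PSChildName
                Command      = $cmd
                TargetOnDisk = [bool]($exe -and (Test-Path -LiteralPath $exe))
            }
        }
    }
}

# 2. Alternate data streams. A named stream on a file or folder does not show
#    in dir or Explorer; the fix above deleted C:\ProgramData\TEMP:C22674B6.
#    Get-Item -Stream * lists every stream; the normal ::$DATA one is filtered out.
function Get-HiddenStreams {
    param([string]$Path = 'C:\ProgramData\TEMP')   # path taken from the OTL log
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# 3. HOSTS file. [RESETHOSTS] replaces it with the default; this shows every
#    active line that is not the standard localhost mapping, so redirected
#    security-vendor or update hostnames are visible before the reset.
function Get-NonDefaultHostsLines {
    $hosts = Join-Path -Path $env:SystemRoot -ChildPath 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Trim() -ne '' -and
            $_ -notmatch '^\s*#' -and
            $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
        }
}

Get-MountPointAutoRun   | Format-Table -AutoSize
Get-HiddenStreams       | Format-Table -AutoSize
Get-NonDefaultHostsLines
```

Running it once before the OTL fix and once after the reboot gives a before/after view of exactly the items the fix targets; empty output from all three functions afterwards matches the "deleted successfully" lines in the fix log.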

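Step 2 asks the user to find every "Java Runtime Environment (JRE or J2SE)" entry in Add/Remove Programs and remove it before installing 7 Update 2. As an added example, not code from the thread, this script lists those entries from both the 32-bit and 64-bit Uninstall registry views, flags anything older than JRE 7, and shows which installation java.exe currently resolves to. It is read-only; the JavaSoft registry keys and the regular expression on DisplayName are my assumptions about how the installers register themselves. Run it before the removal steps and again afterwards to confirm nothing old is left.

```powershell
# Added example, not from the thread: inventory Java runtimes known to
# Add/Remove Programs and flag the ones older than JRE 7. Read-only; PowerShell 3.0+.

function Get-InstalledJavaRuntimes {
    # Native view plus the 32-bit view on a 64-bit Windows (absent on 32-bit Vista).
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
            ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
            Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |   # assumed naming pattern
            ForEach-Object {
                # DisplayVersion begins with the major version; below 7 is what
                # the post asks to remove.
                $major = if ($_.DisplayVersion -match '^(\d+)') { [int]$Matches[1] } else { $null }
                [pscustomobject]@{
                    Name            = $_.DisplayName
                    Version         = $_.DisplayVersion
                    OlderThanJre7   = ($null -ne $major -and $major -lt 7)
                    UninstallString = $_.UninstallString
                }
            }
    }
}

# The JRE also registers itself under JavaSoft: CurrentVersion is the release
# java.exe on the PATH resolves to, JavaHome the directory it loads from. If an
# old version is still named here after the cleanup, the removal was incomplete.
function Get-DefaultJavaHome {
    $keys = @(
        'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
        'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
    )
    foreach ($key in $keys) {
        if (Test-Path -Path $key) {
            $cur  = (Get-ItemProperty -Path $key).CurrentVersion
            $home = $null
            if ($cur) {
                $verKey = Join-Path -Path $key -ChildPath $cur
                $home = (Get-ItemProperty -Path $verKey -ErrorAction SilentlyContinue).JavaHome
            }
            [pscustomobject]@{ RegistryView = $key; CurrentVersion = $cur; JavaHome = $home }
        }
    }
}

Get-InstalledJavaRuntimes | Format-Table -AutoSize
Get-DefaultJavaHome       | Format-Table -AutoSize
```

After the reboot in the last step, the inventory should show a single entry with OlderThanJre7 set to False and JavaHome pointing at the new installation directory.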
Posted

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c50edeac-1dff-11e1-a10c-001a9248ae3d}\ not found.

File J:\TL_Bootstrap.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e615d589-7e9f-11df-a86c-001a9248ae3d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e615d589-7e9f-11df-a86c-001a9248ae3d}\ not found.

File K:\InstallTomTomHOME.exe not found.

ADS C:\ProgramData\TEMP:C22674B6 deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Ed Downey\Desktop\cmd.bat deleted successfully.

C:\Users\Ed Downey\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Ed Downey

->Temp folder emptied: 25750454 bytes

->Temporary Internet Files folder emptied: 49372046 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 42777815 bytes

->Flash cache emptied: 470 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 112.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01042012_233322

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

I took your advice and changed AV, updated Java and removed Ad-aware and spybot.. I will see how things go for a day or two and reply with any issues..

 

Thank you for all the help!

Posted

Hi Jess72

 

I took your advice and changed AV, updated Java and removed Ad-aware and spybot.. I will see how things go for a day or two and reply with any issues..

If you removed Norton, I should point out that it's one hell of a program to remove completely.

There's always registry entries it leaves behind.

It's always best to run the Norton Removal tool to ensure everything has been removed.

 

To remove Norton Products completely:

Go to: Norton Removal Tool

 

Download it to your 'Desktop'.

Then click on the desktop icon to run the removal tool.

 

Good idea to run the system for a couple of days.

Let us know how it goes.

Member of:

UNITE
