Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Slow system and movement to generic search engine

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Slow system and movement to generic search engine

Unread postby timbo » July 22nd, 2011, 4:37 pm

My system has slowed down and when entering a website in the address bar, a generic search engine site pops up with topics similar to the website I was going to.

Also, this computer is a laptop that I took with me when my company closed down. Any idea how to get rid of the log in screen and the domain requirement?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:41 PM, on 7/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagull\BarTender\8.0\CmdrSrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\ole3232.exe
C:\WINDOWS\system32\atmpvcno32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aigismech.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {01AD1A64-BF7E-4D67-98C7-767BFF8AC852} - C:\WINDOWS\system32\atmpvcno32.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\tnay\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9883166640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9883148140
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://jp-appserver.jeffparish.net/webmap/acgm/Acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aigismech.com
O17 - HKLM\Software\..\Telephony: DomainName = aigismech.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aigismech.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Commander Service - Seagull Scientific - C:\Program Files\Seagull\BarTender\8.0\CmdrSrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi32) - AIDEX Team - C:\WINDOWS\system32\ole3232.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10597 bytes
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm
Advertisement
Register to Remove

Re: Slow system and movement to generic search engine

Unread postby askey127 » July 24th, 2011, 7:08 am

Hi timbo,
Before We Start, Some Notes On This Process
During this repair, we may need to remove some obsolete programs, and some which interfere with our tools.
We will install replacements later.
Please do not install or uninstall any programs, or scan with anything, unless I ask, until we are through cleaning.
---------------------------------------------
First, some questions if I may:
  • Is the Norton Antivirus installed here up to date ?
  • Do you still have need for the Seagull software for barcode printing, etc. ?
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aigismech.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {01AD1A64-BF7E-4D67-98C7-767BFF8AC852} - C:\WINDOWS\system32\atmpvcno32.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aigismech.com
O17 - HKLM\Software\..\Telephony: DomainName = aigismech.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aigismech.com

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow system and movement to generic search engine

Unread postby timbo » July 24th, 2011, 8:42 am

Per your questions:

-Norton is current and I have it run Live Update upon start up and do a quick scan at the same time. I generally run a full system scan once a week.

-I no longer need Seagull's Bartender.

HiJack This: I performed the tasks you requested and "fixed" the 6 items.

I rebooted the system, downloaded OTL.EXE, checked the boxes you selected, and ran the scan. The two text files you requested will by in the two responses below this one.
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm

Re: Slow system and movement to generic search engine

Unread postby timbo » July 24th, 2011, 8:42 am

OTL logfile created on: 7/24/2011 8:28:22 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\tnay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 82.16% Memory free
7.94 Gb Paging File | 7.46 Gb Available in Paging File | 93.93% Paging File free
Paging file location(s): C:\pagefile.sys 4977 4977 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.40 Gb Total Space | 22.34 Gb Free Space | 51.46% Space Free | Partition Type: NTFS
Drive D: | 90.06 Gb Total Space | 87.63 Gb Free Space | 97.30% Space Free | Partition Type: NTFS

Computer Name: AIG-LTP-XP-059 | User Name: tnay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/24 08:24:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tnay\Desktop\OTL.exe
PRC - [2011/07/13 10:02:53 | 000,556,032 | ---- | M] (AIDEX Team) -- C:\WINDOWS\system32\ole3232.exe
PRC - [2011/07/13 10:02:53 | 000,556,032 | ---- | M] (AIDEX Team) -- C:\WINDOWS\system32\atmpvcno32.exe
PRC - [2011/06/26 15:25:35 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 19:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 17:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/08/20 17:27:36 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 17:09:12 | 001,191,936 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/30 20:06:56 | 002,471,280 | ---- | M] (Seagull Scientific) -- C:\Program Files\Seagull\BarTender\8.0\CmdrSrv.exe
PRC - [2007/07/20 17:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/07/24 08:24:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tnay\Desktop\OTL.exe
MOD - [2011/06/26 15:26:13 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/13 10:02:53 | 000,556,032 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\WINDOWS\system32\ole3232.exe -- (Wmi32)
SRV - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 17:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2008/08/20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/08/30 20:06:56 | 002,471,280 | ---- | M] (Seagull Scientific) [Auto | Running] -- C:\Program Files\Seagull\BarTender\8.0\CmdrSrv.exe -- (Commander Service)
SRV - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/05/17 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110723.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110723.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/01 16:28:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/09/17 19:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 19:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 17:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 17:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 12:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 21:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/07/14 13:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/05/27 15:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/04/22 15:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/04/22 15:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/04 17:49:46 | 000,018,712 | ---- | M] (TeraByte, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\phylock.sys -- (phylock)
DRV - [2008/08/29 00:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/08/04 12:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/11/14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/22 00:05:48 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2005/10/26 11:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]

IE - HKU\S-1-5-21-220523388-790525478-1801674531-1274\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-220523388-790525478-1801674531-1274\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]
IE - HKU\S-1-5-21-220523388-790525478-1801674531-1274\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\tnay\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/26 15:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 15:26:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 15:27:00 | 000,000,000 | ---D | M]

[2010/04/15 16:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Extensions
[2011/07/13 10:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions
[2010/04/15 16:55:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/10 13:10:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/24 08:23:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{eb7f1266-1eca-4a6e-8a70-5b21db9b2bce}
[2010/05/08 21:22:30 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\firefox@tvunetworks.com
[2011/01/27 15:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/28 18:42:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/26 15:26:15 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/02/11 15:20:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {01AD1A64-BF7E-4D67-98C7-767BFF8AC852} - C:\WINDOWS\system32\atmpvcno32.dll (AIDEX Team)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-220523388-790525478-1801674531-1274..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-790525478-1801674531-1274\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microso ... 9883166640 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9883148140 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://jp-appserver.jeffparish.net/webmap/acgm/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aigismech.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/21 12:41:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5f781223-c56b-11df-92a2-0015c5243daa}\Shell - "" = AutoRun
O33 - MountPoints2\{5f781223-c56b-11df-92a2-0015c5243daa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f781223-c56b-11df-92a2-0015c5243daa}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/24 08:24:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tnay\Desktop\OTL.exe
[2011/07/24 08:17:46 | 000,350,208 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\atmpvcno32.dll
[2011/07/21 19:35:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tnay\Recent
[2011/07/18 13:32:03 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011/07/18 13:31:56 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011/07/18 13:31:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/07/18 13:31:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011/07/18 13:31:54 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011/07/18 13:31:52 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011/07/18 13:31:49 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/07/18 13:31:46 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/07/18 13:31:44 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/07/18 13:31:31 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/07/18 13:31:31 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/07/18 13:31:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/07/18 13:31:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/07/18 13:31:30 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/07/18 13:31:30 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/07/18 13:31:30 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/07/18 13:31:30 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/07/18 13:31:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/07/18 13:31:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/07/13 18:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tnay\My Documents\My Barnes & Noble eBooks
[2011/07/13 18:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Barnes & Noble
[2011/07/13 18:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tnay\Application Data\Barnes & Noble
[2011/07/13 18:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Barnes & Noble
[2011/07/13 10:02:56 | 000,556,032 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\atmpvcno32.exe
[2011/07/13 10:02:55 | 000,556,032 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\ole3232.exe
[2011/07/05 20:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tnay\Application Data\vlc
[2011/07/05 20:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/07/05 20:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/06/26 20:45:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/26 15:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/26 15:26:02 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/06/26 15:25:41 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/06/26 15:25:41 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/06/26 15:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\tnay\Desktop\*.tmp files -> C:\Documents and Settings\tnay\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\tnay\*.tmp files -> C:\Documents and Settings\tnay\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/24 08:24:42 | 000,463,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/24 08:24:42 | 000,078,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/24 08:24:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tnay\Desktop\OTL.exe
[2011/07/24 08:21:18 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/07/24 08:21:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/24 08:20:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-790525478-1801674531-1274.job
[2011/07/24 08:20:27 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/24 08:20:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/24 08:17:46 | 000,350,208 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\atmpvcno32.dll
[2011/07/24 06:48:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/22 14:52:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/22 07:38:47 | 000,001,770 | -H-- | M] () -- C:\Documents and Settings\tnay\My Documents\Default.rdp
[2011/07/19 13:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-790525478-1801674531-1274.job
[2011/07/18 20:28:42 | 035,364,676 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\temp10.flv
[2011/07/18 17:15:06 | 102,801,881 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\temp9.flv
[2011/07/18 17:05:31 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\tnay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/18 17:05:17 | 146,655,695 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\temp8.wmv
[2011/07/15 06:49:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/13 18:49:43 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NOOK for PC.lnk
[2011/07/13 17:42:42 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 10:02:56 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\1323918268
[2011/07/13 10:02:53 | 000,556,032 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\ole3232.exe
[2011/07/13 10:02:53 | 000,556,032 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\atmpvcno32.exe
[2011/07/13 07:00:15 | 000,055,499 | ---- | M] () -- C:\Documents and Settings\tnay\Desktop\DonnaDL.pdf
[2011/07/05 20:45:30 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/05 20:31:55 | 000,001,466 | ---- | M] () -- C:\Documents and Settings\tnay\Desktop\DivX Movies.lnk
[2011/07/05 20:19:34 | 004,127,232 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\anyasam.avi
[2011/06/28 09:13:18 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\db1.mdb
[2011/06/26 20:50:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\tnay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/26 15:26:50 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/26 15:26:02 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/06/26 15:25:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/06/26 15:25:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/06/26 15:25:39 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\tnay\Desktop\*.tmp files -> C:\Documents and Settings\tnay\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\tnay\*.tmp files -> C:\Documents and Settings\tnay\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/18 20:28:42 | 035,364,676 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\temp10.flv
[2011/07/18 17:15:06 | 102,801,881 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\temp9.flv
[2011/07/18 17:05:17 | 146,655,695 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\temp8.wmv
[2011/07/13 18:49:43 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NOOK for PC.lnk
[2011/07/13 10:02:55 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\1323918268
[2011/07/13 07:00:15 | 000,055,499 | ---- | C] () -- C:\Documents and Settings\tnay\Desktop\DonnaDL.pdf
[2011/07/05 20:45:30 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/05 20:19:34 | 004,127,232 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\anyasam.avi
[2011/06/28 09:07:38 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\db1.mdb
[2011/06/26 15:26:50 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/05 08:18:42 | 000,103,535 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/06/05 08:18:42 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/02/28 21:18:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 14:34:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bartend.INI
[2010/08/28 18:44:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/27 18:45:29 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\tnay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 16:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/05 12:15:47 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/02/04 08:30:50 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2010/02/01 17:41:26 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/02/01 17:41:26 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/02/01 15:20:30 | 000,000,475 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/01 12:14:22 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/02/01 12:14:21 | 001,663,488 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/02/01 12:14:21 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/02/01 12:14:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/02/01 12:14:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/02/01 11:39:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\tbicd2hd.exe
[2010/01/21 17:03:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/11/17 13:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/11/17 13:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/12/21 13:32:45 | 000,042,743 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/12/21 13:06:22 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/12/21 13:06:21 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/21 13:06:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/21 13:06:21 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/21 13:06:20 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/21 13:06:19 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/21 13:06:16 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/21 13:06:16 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/12/21 12:44:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/21 12:37:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/21 08:20:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/21 08:18:46 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/01/21 13:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,463,184 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,078,964 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/21 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/21 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 07:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/12/21 15:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/02/01 16:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aigismechsuperuser\Application Data\Windows Desktop Search
[2011/03/13 11:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/05/05 11:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/10/19 14:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagull
[2010/02/01 12:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/23 07:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/13 18:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\Barnes & Noble
[2011/03/14 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\mjusbsp
[2010/02/05 12:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\pdf995
[2011/06/14 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\TeamViewer
[2010/02/01 16:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\Windows Desktop Search
[2010/02/05 08:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\Windows Search
[2010/02/04 08:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\Xerox
[2008/12/21 14:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF08C48A

< End of report >
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm

Re: Slow system and movement to generic search engine

Unread postby timbo » July 24th, 2011, 8:44 am

OTL Extras logfile created on: 7/24/2011 8:28:22 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\tnay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 82.16% Memory free
7.94 Gb Paging File | 7.46 Gb Available in Paging File | 93.93% Paging File free
Paging file location(s): C:\pagefile.sys 4977 4977 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.40 Gb Total Space | 22.34 Gb Free Space | 51.46% Space Free | Partition Type: NTFS
Drive D: | 90.06 Gb Total Space | 87.63 Gb Free Space | 97.30% Space Free | Partition Type: NTFS

Computer Name: AIG-LTP-XP-059 | User Name: tnay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\iERP60\AIGIS-02\PROD60\DotNet\Intuitive2.exe" = C:\iERP60\AIGIS-02\PROD60\DotNet\Intuitive2.exe:*:Enabled:6.0.2 -- (Intuitive Mfg. Systems, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00180409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1 Runtime
"{0A649E72-DB35-4C54-968E-CECAECA7E293}" = OZ776 SCR CardBus V1.1.3.6
"{13FE1ECE-8024-461B-88EC-F717CF571047}" = Intuitive ERP Crystal Runtime Setup
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 19
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{345E4F56-6C84-11D4-842A-00105A72BDB5}" = PowerTerm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi Software
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AB384ADA-6F34-4CFD-BD10-FA77F6047DE5}" = BarTender 8.01.2179
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FD3B532A-BF56-44F4-9CF3-DE5A38BCCD00}" = Open Text Imagenation 8.30 (V)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BN_DesktopReader" = NOOK for PC
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EASEUS Partition Master Server Edition_is1" = EASEUS Partition Master 4.0 Server Edition
"ftp995" = ftp995
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"Image for Windows (V2)_is1" = Image for Windows 2.30a
"InstallShield_{0A649E72-DB35-4C54-968E-CECAECA7E293}" = OZ776 SCR CardBus V1.1.3.6
"Intuitive Mfg Systems Client" = Intuitive ERP Client - AIGIS-02 - PROD60
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"VLC media player" = VLC media player 1.1.10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2011 9:32:45 PM | Computer Name = AIG-LTP-XP-059 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 7/22/2011 9:56:05 PM | Computer Name = AIG-LTP-XP-059 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/22/2011 9:56:06 PM | Computer Name = AIG-LTP-XP-059 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/22/2011 9:56:15 PM | Computer Name = AIG-LTP-XP-059 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/23/2011 6:59:18 AM | Computer Name = AIG-LTP-XP-059 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/23/2011 5:49:10 PM | Computer Name = AIG-LTP-XP-059 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/24/2011 6:42:19 AM | Computer Name = AIG-LTP-XP-059 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/24/2011 8:20:19 AM | Computer Name = AIG-LTP-XP-059 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/24/2011 8:20:19 AM | Computer Name = AIG-LTP-XP-059 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/24/2011 8:20:22 AM | Computer Name = AIG-LTP-XP-059 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 7/24/2011 6:42:19 AM | Computer Name = AIG-LTP-XP-059 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2011 6:57:19 AM | Computer Name = AIG-LTP-XP-059 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2011 8:09:51 AM | Computer Name = AIG-LTP-XP-059 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2011 8:09:53 AM | Computer Name = AIG-LTP-XP-059 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2011 8:20:18 AM | Computer Name = AIG-LTP-XP-059 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AIGISMECH due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 7/24/2011 8:20:38 AM | Computer Name = AIG-LTP-XP-059 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/24/2011 8:20:39 AM | Computer Name = AIG-LTP-XP-059 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/24/2011 8:20:39 AM | Computer Name = AIG-LTP-XP-059 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/24/2011 8:20:41 AM | Computer Name = AIG-LTP-XP-059 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2011 8:21:35 AM | Computer Name = AIG-LTP-XP-059 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm

Re: Slow system and movement to generic search engine

Unread postby askey127 » July 24th, 2011, 11:18 am

timbo,
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

BarTender 8.01.2179
Java(TM) 6 Update 19
Adobe Reader 9.4.4

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    AutoEnrollment
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
    O2 - BHO: (no name) - {01AD1A64-BF7E-4D67-98C7-767BFF8AC852} - C:\WINDOWS\system32\atmpvcno32.dll (AIDEX Team)
    IE - HKU\S-1-5-21-220523388-790525478-1801674531-1274\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1A AD 01 7E BF 67 4D 98 C7 76 7B FF 8A C8 52 [binary data]
    DRV - [2007/11/14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2009/04/22 15:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
    DRV - [2009/04/22 15:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
    SRV - [2007/08/30 20:06:56 | 002,471,280 | ---- | M] (Seagull Scientific) [Auto | Running] -- C:\Program Files\Seagull\BarTender\8.0\CmdrSrv.exe -- (Commander Service)
    SRV - [2011/07/13 10:02:53 | 000,556,032 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\WINDOWS\system32\ole3232.exe -- (Wmi32)
    
    :Files
    C:\Documents and Settings\All Users\Application Data\Seagull
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So we are looking for the log from SystemLook, and the log (OTL.txt) from OTL.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow system and movement to generic search engine

Unread postby timbo » July 24th, 2011, 1:16 pm

OTL logfile created on: 7/24/2011 1:08:56 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\tnay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 72.34% Memory free
7.94 Gb Paging File | 7.34 Gb Available in Paging File | 92.42% Paging File free
Paging file location(s): C:\pagefile.sys 4977 4977 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.40 Gb Total Space | 23.27 Gb Free Space | 53.61% Space Free | Partition Type: NTFS
Drive D: | 90.06 Gb Total Space | 87.63 Gb Free Space | 97.30% Space Free | Partition Type: NTFS

Computer Name: AIG-LTP-XP-059 | User Name: tnay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/24 08:24:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tnay\Desktop\OTL.exe
PRC - [2011/06/26 15:25:35 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 19:48:36 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 19:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 17:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/08/20 17:27:36 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 17:09:12 | 001,191,936 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/20 17:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/07/24 08:24:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tnay\Desktop\OTL.exe
MOD - [2011/06/26 15:26:13 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 17:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2008/08/20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/05/17 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110723.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110723.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/01 16:28:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/09/17 19:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 19:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 17:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 17:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 12:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 21:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/07/14 13:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/05/27 15:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/04 17:49:46 | 000,018,712 | ---- | M] (TeraByte, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\phylock.sys -- (phylock)
DRV - [2008/08/29 00:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/08/04 12:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/22 00:05:48 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2005/10/26 11:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\tnay\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/26 15:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 15:26:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/24 12:48:14 | 000,000,000 | ---D | M]

[2010/04/15 16:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Extensions
[2011/07/13 10:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions
[2010/04/15 16:55:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/10 13:10:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/24 12:46:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{eb7f1266-1eca-4a6e-8a70-5b21db9b2bce}
[2010/05/08 21:22:30 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\firefox@tvunetworks.com
[2011/01/27 15:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/28 18:42:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/26 15:26:15 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microso ... 9883166640 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9883148140 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://jp-appserver.jeffparish.net/webmap/acgm/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aigismech.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/21 12:41:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5f781223-c56b-11df-92a2-0015c5243daa}\Shell - "" = AutoRun
O33 - MountPoints2\{5f781223-c56b-11df-92a2-0015c5243daa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f781223-c56b-11df-92a2-0015c5243daa}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/24 13:02:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/24 08:47:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tnay\Recent
[2011/07/24 08:24:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tnay\Desktop\OTL.exe
[2011/07/13 18:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tnay\My Documents\My Barnes & Noble eBooks
[2011/07/13 18:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Barnes & Noble
[2011/07/13 18:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tnay\Application Data\Barnes & Noble
[2011/07/13 18:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Barnes & Noble
[2011/07/13 10:02:56 | 000,556,032 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\atmpvcno32.exe
[2011/07/05 20:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tnay\Application Data\vlc
[2011/07/05 20:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/07/05 20:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/06/26 20:45:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/26 15:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/26 15:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[1 C:\Documents and Settings\tnay\Desktop\*.tmp files -> C:\Documents and Settings\tnay\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\tnay\*.tmp files -> C:\Documents and Settings\tnay\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/24 13:09:55 | 000,463,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/24 13:09:55 | 000,078,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/24 13:06:50 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/07/24 13:06:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/24 13:05:45 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/24 13:05:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-790525478-1801674531-1274.job
[2011/07/24 13:05:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/24 13:05:06 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/24 12:50:08 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\tnay\Desktop\SystemLook.exe
[2011/07/24 12:48:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/24 08:24:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tnay\Desktop\OTL.exe
[2011/07/22 14:52:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/22 07:38:47 | 000,001,770 | -H-- | M] () -- C:\Documents and Settings\tnay\My Documents\Default.rdp
[2011/07/19 13:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-790525478-1801674531-1274.job
[2011/07/18 20:28:42 | 035,364,676 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\temp10.flv
[2011/07/18 17:15:06 | 102,801,881 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\temp9.flv
[2011/07/18 17:05:31 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\tnay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/18 17:05:17 | 146,655,695 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\temp8.wmv
[2011/07/15 06:49:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/13 18:49:43 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NOOK for PC.lnk
[2011/07/13 10:02:56 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\1323918268
[2011/07/13 10:02:53 | 000,556,032 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\atmpvcno32.exe
[2011/07/13 07:00:15 | 000,055,499 | ---- | M] () -- C:\Documents and Settings\tnay\Desktop\DonnaDL.pdf
[2011/07/05 20:45:30 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/05 20:31:55 | 000,001,466 | ---- | M] () -- C:\Documents and Settings\tnay\Desktop\DivX Movies.lnk
[2011/07/05 20:19:34 | 004,127,232 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\anyasam.avi
[2011/06/28 09:13:18 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\tnay\My Documents\db1.mdb
[2011/06/26 20:50:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\tnay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/26 15:26:50 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/26 15:25:39 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[1 C:\Documents and Settings\tnay\Desktop\*.tmp files -> C:\Documents and Settings\tnay\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\tnay\*.tmp files -> C:\Documents and Settings\tnay\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/24 12:50:07 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\tnay\Desktop\SystemLook.exe
[2011/07/18 20:28:42 | 035,364,676 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\temp10.flv
[2011/07/18 17:15:06 | 102,801,881 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\temp9.flv
[2011/07/18 17:05:17 | 146,655,695 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\temp8.wmv
[2011/07/13 18:49:43 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NOOK for PC.lnk
[2011/07/13 10:02:55 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\1323918268
[2011/07/13 07:00:15 | 000,055,499 | ---- | C] () -- C:\Documents and Settings\tnay\Desktop\DonnaDL.pdf
[2011/07/05 20:45:30 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/05 20:19:34 | 004,127,232 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\anyasam.avi
[2011/06/28 09:07:38 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\tnay\My Documents\db1.mdb
[2011/06/26 15:26:50 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/05 08:18:42 | 000,103,535 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/06/05 08:18:42 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/02/28 21:18:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 14:34:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bartend.INI
[2010/08/28 18:44:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/27 18:45:29 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\tnay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 16:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/05 12:15:47 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/02/04 08:30:50 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2010/02/01 17:41:26 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/02/01 17:41:26 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/02/01 15:20:30 | 000,000,475 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/01 12:14:22 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/02/01 12:14:21 | 001,663,488 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/02/01 12:14:21 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/02/01 11:39:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\tbicd2hd.exe
[2010/01/21 17:03:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/11/17 13:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/11/17 13:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/12/21 13:32:45 | 000,042,743 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/12/21 13:06:22 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/12/21 13:06:21 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/21 13:06:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/21 13:06:21 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/21 13:06:20 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/21 13:06:19 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/21 13:06:16 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/21 13:06:16 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/12/21 12:44:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/21 12:37:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/21 08:20:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/21 08:18:46 | 000,134,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/01/21 13:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,463,184 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,078,964 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/21 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/21 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 07:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/03/13 11:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/05/05 11:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/02/01 12:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/23 07:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/13 18:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\Barnes & Noble
[2011/03/14 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\mjusbsp
[2010/02/05 12:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\pdf995
[2011/06/14 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\TeamViewer
[2010/02/01 16:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\Windows Desktop Search
[2010/02/05 08:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\Windows Search
[2010/02/04 08:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnay\Application Data\Xerox

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF08C48A

< End of report >
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm

Re: Slow system and movement to generic search engine

Unread postby timbo » July 24th, 2011, 1:17 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 12:51 on 24/07/2011 by tnay
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "AutoEnrollment"
[HKEY_CURRENT_USER\Software\Microsoft\Cryptography\AutoEnrollment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\AutoEnrollment]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WLANKEEPER WinMgmt Winlogon Windows Search Service Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Symantec AntiVirus Starter SpoolerCtrs Software Restriction Policies Software Installation SescLU ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft-Windows-propsys Microsoft Office 10 Microsoft H.323 Telephony Service Provider Microsoft (R
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AutoEnrollment]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WLANKEEPER WinMgmt Winlogon Windows Search Service Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Symantec AntiVirus Starter SpoolerCtrs Software Restriction Policies Software Installation SescLU ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft-Windows-propsys Microsoft Office 10 Microsoft H.323 Telephony Service Provider Microsoft (R
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\AutoEnrollment]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WLANKEEPER WinMgmt Winlogon Windows Search Service Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Symantec AntiVirus Starter SpoolerCtrs Software Restriction Policies Software Installation SescLU ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft-Windows-propsys Microsoft Office 10 Microsoft H.323 Telephony Service Provider Microsof
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AutoEnrollment]
[HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\Software\Microsoft\Cryptography\AutoEnrollment]

-= EOF =-
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm

Re: Slow system and movement to generic search engine

Unread postby askey127 » July 24th, 2011, 4:54 pm

timbo,
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE NORTON ANTIVIRUS
    Please navigate to the system tray on the bottom right hand corner and look for a Imagesign.
    • right-click it -> chose "Disable Auto-Protect."
    • select a duration of 5 hours (this assures no interference with the cleanup of your pc)
    • click "Ok."
    • a popup will warn that protection will now be disabled.
    Norton Antivirus Guard is now disabled.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your Antivirus protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.
So we are looking for the log from TDSSKiller, and the Combofix log.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow system and movement to generic search engine

Unread postby timbo » July 24th, 2011, 5:46 pm

TDSSKILLER - No malicious actvity found
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm

Re: Slow system and movement to generic search engine

Unread postby timbo » July 24th, 2011, 5:47 pm

ComboFix 11-07-24.01 - tnay 07/24/2011 17:26:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2643 [GMT -4:00]
Running from: c:\documents and settings\tnay\Desktop\zzz.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{eb7f1266-1eca-4a6e-8a70-5b21db9b2bce}
c:\documents and settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{eb7f1266-1eca-4a6e-8a70-5b21db9b2bce}\chrome.manifest
c:\documents and settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{eb7f1266-1eca-4a6e-8a70-5b21db9b2bce}\chrome\xulcache.jar
c:\documents and settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{eb7f1266-1eca-4a6e-8a70-5b21db9b2bce}\defaults\preferences\xulcache.js
c:\documents and settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\extensions\{eb7f1266-1eca-4a6e-8a70-5b21db9b2bce}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 17:02 . 2011-07-24 17:02 -------- d-----w- C:\_OTL
2011-07-18 17:32 . 2008-04-14 04:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-07-18 17:32 . 2008-04-14 04:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-07-13 22:49 . 2011-07-13 22:49 -------- d-----w- c:\documents and settings\tnay\Application Data\Barnes & Noble
2011-07-13 22:49 . 2011-07-13 22:49 -------- d-----w- c:\program files\Barnes & Noble
2011-07-13 18:24 . 2011-07-13 18:24 0 ---ha-w- c:\documents and settings\tnay\ckpdwcorwz.tmp
2011-07-13 14:02 . 2011-07-13 14:02 556032 ----a-w- c:\windows\system32\atmpvcno32.exe
2011-07-06 00:45 . 2011-07-06 00:45 -------- d-----w- c:\documents and settings\tnay\Application Data\vlc
2011-07-06 00:44 . 2011-07-06 00:44 -------- d-----w- c:\program files\VideoLAN
2011-06-27 00:45 . 2011-06-27 00:47 -------- dc-h--w- c:\windows\ie8
2011-06-26 19:27 . 2011-06-26 19:27 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-06-26 19:26 . 2011-06-26 19:26 -------- d-----w- c:\program files\Common Files\xing shared
2011-06-26 19:26 . 2011-06-26 19:26 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-06-26 19:25 . 2011-06-26 19:25 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 15:51 . 2011-06-23 15:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 23:05 . 2010-02-01 20:29 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-06-02 14:02 . 2007-10-07 13:43 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2008-12-21 16:37 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2007-10-07 13:33 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2007-10-07 13:33 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2007-10-07 13:34 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"cdloader"="c:\documents and settings\tnay\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-26 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2011-1-17 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [2/1/2010 11:39 AM 18712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 9:27 PM 105592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2011 7:38 AM 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 1:51 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2011 7:38 AM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 21875867
*Deregistered* - 21875867
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 11:38]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 11:38]
.
2011-07-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-790525478-1801674531-1274.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-07-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-790525478-1801674531-1274.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\tnay\Application Data\Mozilla\Firefox\Profiles\ggu8i46z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 17:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1796)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-07-24 17:37:50
ComboFix-quarantined-files.txt 2011-07-24 21:37
.
Pre-Run: 24,873,799,680 bytes free
Post-Run: 24,838,361,088 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 37F98E4B4881C4B97135F136536E8224
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm

Re: Slow system and movement to generic search engine

Unread postby askey127 » July 24th, 2011, 7:41 pm

timbo,
---------------------------------------------
Run a SystemLook scan
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :Regfind
    aigismech.com
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow system and movement to generic search engine

Unread postby timbo » July 24th, 2011, 8:07 pm

Below is the log you asked for. You may have assumed it, but aigismech was the company I used to work for.

SystemLook 04.09.10 by jpshortstuff
Log created at 20:06 on 24/07/2011 by tnay
Administrator - Elevation successful

========== Regfind ==========

Searching for "aigismech.com"
[HKEY_CURRENT_USER\S]
"LastDetectUrl"="http://wpad.aigismech.com/wpad.dat"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History]
"DCName"="\\aigis-01.aigismech.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\0]
"FileSysPath"="\\aigismech.com\sysvol\aigismech.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\tnay\dca740c8c042101ab4b908002b2fe182]
"001e6602"="aigis-01.aigismech.com"
[HKEY_CURRENT_USER\Volatile Environment]
"USERDNSDOMAIN"="AIGISMECH.COM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\CN=Aggregate,CN=Schema,CN=Configuration,DC=aigismech,DC=com]
"File"="%SystemRoot%\SchCache\aigismech.com.sch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History]
"DCName"="\\aigis-01.aigismech.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History]
"NetworkName"="aigismech.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0]
"FileSysPath"="\\aigismech.com\sysvol\aigismech.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\0]
"FileSysPath"="\\AIGISMECH.COM\SYSVOL\AIGISMECH.COM\POLICIES\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}\0]
"FileSysPath"="\\AIGISMECH.COM\SYSVOL\AIGISMECH.COM\POLICIES\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Shadow\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\0]
"FileSysPath"="\\aigismech.com\sysvol\aigismech.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony]
"DomainName"="aigismech.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP OfficeJet G55\DsSpooler]
"uNCName"="\\AIG-WRK-XP-059.aigismech.com\HP OfficeJet G55"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP OfficeJet G55\DsSpooler]
"serverName"="AIG-WRK-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP OfficeJet G55\DsSpooler]
"url"="http://AIG-WRK-XP-059.aigismech.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\hp psc 1300 series\DsSpooler]
"uNCName"="\\AIG-LTP-XP-059.aigismech.com\hp psc 1300 series"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\hp psc 1300 series\DsSpooler]
"serverName"="AIG-LTP-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\hp psc 1300 series\DsSpooler]
"url"="http://AIG-LTP-XP-059.aigismech.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF995\DsSpooler]
"uNCName"="\\AIG-WRK-XP-059.aigismech.com\PDF995"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF995\DsSpooler]
"serverName"="AIG-WRK-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Sharp AR-M350 PCL6\DsSpooler]
"uNCName"="\\AIG-LTP-XP-059.aigismech.com\Sharp AR-M350 PCL6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Sharp AR-M350 PCL6\DsSpooler]
"serverName"="AIG-LTP-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Sharp AR-M350 PCL6\DsSpooler]
"url"="http://AIG-LTP-XP-059.aigismech.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\Servers\aigis-04\Printers\MFG01xerox128\DsSpooler]
"uNCName"="\\aigis-04.aigismech.com\MFG01xerox128"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\Servers\aigis-04\Printers\MFG01xerox128\DsSpooler]
"serverName"="aigis-04.aigismech.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\Servers\aigis-04\Printers\MFG01xerox128\DsSpooler]
"url"="http://aigis-04.aigismech.com/MFG01"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache]
"AIGISMECH"="aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\HP OfficeJet G55\DsSpooler]
"uNCName"="\\AIG-WRK-XP-059.aigismech.com\HP OfficeJet G55"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\HP OfficeJet G55\DsSpooler]
"serverName"="AIG-WRK-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\HP OfficeJet G55\DsSpooler]
"url"="http://AIG-WRK-XP-059.aigismech.com/"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\hp psc 1300 series\DsSpooler]
"uNCName"="\\AIG-LTP-XP-059.aigismech.com\hp psc 1300 series"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\hp psc 1300 series\DsSpooler]
"serverName"="AIG-LTP-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\hp psc 1300 series\DsSpooler]
"url"="http://AIG-LTP-XP-059.aigismech.com/"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\PDF995\DsSpooler]
"uNCName"="\\AIG-WRK-XP-059.aigismech.com\PDF995"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\PDF995\DsSpooler]
"serverName"="AIG-WRK-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\Sharp AR-M350 PCL6\DsSpooler]
"uNCName"="\\AIG-LTP-XP-059.aigismech.com\Sharp AR-M350 PCL6"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\Sharp AR-M350 PCL6\DsSpooler]
"serverName"="AIG-LTP-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\Sharp AR-M350 PCL6\DsSpooler]
"url"="http://AIG-LTP-XP-059.aigismech.com/"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
"NV Domain"="aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
"Domain"="aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
"NV Domain"="aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
"Domain"="aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\HP OfficeJet G55\DsSpooler]
"uNCName"="\\AIG-WRK-XP-059.aigismech.com\HP OfficeJet G55"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\HP OfficeJet G55\DsSpooler]
"serverName"="AIG-WRK-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\HP OfficeJet G55\DsSpooler]
"url"="http://AIG-WRK-XP-059.aigismech.com/"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\hp psc 1300 series\DsSpooler]
"uNCName"="\\AIG-LTP-XP-059.aigismech.com\hp psc 1300 series"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\hp psc 1300 series\DsSpooler]
"serverName"="AIG-LTP-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\hp psc 1300 series\DsSpooler]
"url"="http://AIG-LTP-XP-059.aigismech.com/"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\PDF995\DsSpooler]
"uNCName"="\\AIG-WRK-XP-059.aigismech.com\PDF995"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\PDF995\DsSpooler]
"serverName"="AIG-WRK-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\Sharp AR-M350 PCL6\DsSpooler]
"uNCName"="\\AIG-LTP-XP-059.aigismech.com\Sharp AR-M350 PCL6"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\Sharp AR-M350 PCL6\DsSpooler]
"serverName"="AIG-LTP-XP-059.aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\Sharp AR-M350 PCL6\DsSpooler]
"url"="http://AIG-LTP-XP-059.aigismech.com/"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NV Domain"="aigismech.com"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Domain"="aigismech.com"
[HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\S]
"LastDetectUrl"="http://wpad.aigismech.com/wpad.dat"
[HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\Software\Microsoft\Windows\CurrentVersion\Group Policy\History]
"DCName"="\\aigis-01.aigismech.com"
[HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\0]
"FileSysPath"="\\aigismech.com\sysvol\aigismech.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User"
[HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\tnay\dca740c8c042101ab4b908002b2fe182]
"001e6602"="aigis-01.aigismech.com"
[HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\Volatile Environment]
"USERDNSDOMAIN"="AIGISMECH.COM"

-= EOF =-
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm

Re: Slow system and movement to generic search engine

Unread postby askey127 » July 25th, 2011, 7:47 am

timbo,
These sequences are slightly risky because of all the registry changes, but necessary to rid the machine of all the corporate entries.
We will do a registry backup, just in case..
-----------------------------------------------------------
Remove Printers Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Printers and Faxes
Right click each printer you DO NOT HAVE, one at a time.and choose Delete
If there is one there called Microsoft XPS Document Writer, you can leave it.
Close Printers and Faxes Dialog.
------------------------------------------------------------
Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to your Desktop. It will create a new folder.
  • Inside the new folder, double click ERUNT.exe.
  • OK all the prompts to back up your registry to the default location.
Note: If you ever need to restore your registry later, you would go to the default backup folder and start ERDNT.exe
(The default backup folder is C:\Windows\ERDNT\ and the backups are saved according to date stamp)
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Shadow]
    [HKEY_CURRENT_USER\S]
    "LastDetectUrl"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\CN=Aggregate,CN=Schema,CN=Configuration,DC=aigismech,DC=com]
    "File"=-
    [HKEY_CURRENT_USER\Volatile Environment]
    "USERDNSDOMAIN"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony]
    "DomainName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache]
    "AIGISMECH"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    "NV Domain"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    "Domain"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    "NV Domain"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    "Domain"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "NV Domain"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "Domain"=-
    [HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\S]
    "LastDetectUrl"=-
    [HKEY_USERS\S-1-5-21-220523388-790525478-1801674531-1274\Volatile Environment]
    "USERDNSDOMAIN"=-
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Tell me how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow system and movement to generic search engine

Unread postby timbo » July 28th, 2011, 8:08 am

In performing the above tasks, will it prevent me from using VPN if necessary?
timbo
Active Member
 
Posts: 11
Joined: July 22nd, 2011, 4:28 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 72 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware