Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware/Virus help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware/Virus help

Unread postby Jaded » December 18th, 2011, 2:25 pm

Greeting,

This is my parents home computer and it runs slower than a sloth. Whenever I start the computer the "blocked startup programs" pops up and I don't know why. I've recently had to remove a virus or two, but I just want to make sure there aren't any other harmful programs still (left over) in the system. Antivius scans come up with nothing wrong. Any help is appreciated. Thanks.

-Jaded


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Kevin at 13:09:28 on 2011-12-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.227 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MDR09W5\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\xfin_portal\CIDGlobalLight.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} - c:\progra~1\common~1\fluxdvd\downlo~1\XEBDLH~1.DLL
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CinemaNowMediaManagerApp]
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: cinemanow.com
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resour ... cctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{E47B999D-EBB8-4B61-981A-ACA8A0FF513D} : DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl21608fc3;MpKsl21608fc3;c:\programdata\microsoft\microsoft antimalware\definition updates\{36c7107a-1881-431b-ab4b-4504166328dd}\MpKsl21608fc3.sys [2011-12-18 29904]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\cinemanowsvc.exe --> c:\program files\cinemanow\cinemanow media manager\CinemanowSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-18 17:17:21 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{36c7107a-1881-431b-ab4b-4504166328dd}\MpKsl21608fc3.sys
2011-12-18 17:17:19 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{36c7107a-1881-431b-ab4b-4504166328dd}\offreg.dll
2011-12-18 16:05:50 456112 ----a-w- c:\program files\Uninstall Fun Web Products.dll
2011-12-18 15:54:19 -------- d-----w- c:\windows\pss
2011-12-18 04:57:14 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{36c7107a-1881-431b-ab4b-4504166328dd}\mpengine.dll
2011-12-18 01:09:08 -------- d-----w- c:\users\kevin\appdata\local\Facebook
2011-12-15 18:36:45 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 18:36:31 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 18:36:28 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 18:35:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-06 13:31:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-02 14:18:33 -------- d-----w- c:\users\kevin\appdata\roaming\DriverCure
2011-12-02 14:18:32 -------- d-----w- c:\users\kevin\appdata\roaming\SpeedyPC Software
2011-12-02 14:17:18 -------- d-----w- c:\programdata\SpeedyPC Software
2011-11-30 13:25:10 -------- d-----w- c:\program files\VideoLAN
2011-11-24 20:37:02 -------- d-----w- c:\users\kevin\appdata\roaming\ZoomBrowser EX
2011-11-24 20:12:24 -------- d-----w- c:\programdata\ZoomBrowser
2011-11-24 20:10:47 -------- d-----w- c:\program files\Canon
2011-11-24 20:08:32 -------- d-----w- c:\program files\common files\Canon
.
==================== Find3M ====================
.
2011-12-18 16:24:15 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-12-18 16:24:15 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-20 21:02:55 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-20 13:44:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 13:11:42.43 ===============


.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2008 3:52:01 PM
System Uptime: 12/18/2011 12:14:27 PM (1 hours ago)
.
Motherboard: ECS | | Iris
Processor: AMD Athlon(tm) 64 Processor 4000+ | Socket M2 | 2600/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 103 GiB total, 40.749 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.196 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belarc Advisor 7.2
Bing Bar
BufferChm
C7200
C7200_Help
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Carbonite Online Backup Setup
Cards_Calendar_OrderGift_DoMorePlugout
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Copy
Dedicated Server
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Web Player
DocProc
Facebook Plug-In
Facebook Video Calling 1.0.0.8953
Fax
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService
Half-Life
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Crosswords-Sudoku
HP Active Support Library
HP Active Support Library 32 bit components
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 10.0
HP Driver Diagnostics
HP Easy Setup - Frontend
HP Imaging Device Functions 10.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 10.0
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.8.15.1
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Default Manager
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My HP Games
NetDeviceManager
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
OLYMPUS Master 2
PanoStandAlone
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
Python 2.5
Quicken WillMaker 2010
QuickTime
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Shop for HP Supplies
Skype™ 5.5
SmartWebPrinting
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
Steam
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
VNC Free Edition 4.1.2
WeatherBug Gadget
WebReg
Windows Live ID Sign-in Assistant
Windows Live OneCare safety scanner
WinRAR archiver
XFINITY Toolbar
Yahoo! Detect
Yahoo! Search Protection
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/18/2011 12:19:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
12/18/2011 12:19:45 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/18/2011 10:43:30 AM, Error: EventLog [6008] - The previous system shutdown at 8:42:55 AM on 12/18/2011 was unexpected.
12/17/2011 8:15:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user CONNER\Kevin SID (S-1-5-21-615362757-4080515931-4032410649-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/11/2011 5:41:39 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user CONNER\Kevin SID (S-1-5-21-615362757-4080515931-4032410649-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
Jaded
Active Member
 
Posts: 5
Joined: December 18th, 2011, 2:02 pm
Advertisement
Register to Remove

Re: Malware/Virus help

Unread postby askey127 » December 19th, 2011, 1:49 pm

Hi jaded,
-----------------------------------------------
First, let me be very clear. The infection(s) you see are undoubtedly from the use of utorrent.
If you use P2P programs like that, there is no combination of anti-spyware, antivirus and anonymizer programs that will save your machine.
Thousands upon thousands of the shared files have infections planted by criminals, and eventually you would get an infection so serious that you would have to reformat the drive and re-install Windows from scratch, losing all your documents.
Our site policy is here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

µTorrent
Java(TM) SE Runtime Environment 6 Update 1
weatherbug Gadget

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :Filefind
    *mpdetection*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

So we are looking for the contents of the two files from OTL, and the contents of SystemLook.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware/Virus help

Unread postby Jaded » December 19th, 2011, 6:02 pm

Hey askey127

THanks for the heads up about P2P. It is gone. Here is the other scans.

______________________________________________________________________________________________

TL logfile created on: 12/19/2011 4:43:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 216.47 Mb Available Physical Memory | 24.22% Memory free
2.00 Gb Paging File | 0.92 Gb Available in Paging File | 45.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.95 Gb Total Space | 43.29 Gb Free Space | 42.05% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.20 Gb Free Space | 13.53% Space Free | Partition Type: NTFS

Computer Name: CONNER | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 16:40:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 22:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (CinemaNow Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/10/09 20:59:37 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/19 16:21:26 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0ABD9DE1-1B92-4821-A631-6DFFD167A8B9}\MpKsl46ebd9f0.sys -- (MpKsl46ebd9f0)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/28 02:07:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/11/13 20:20:48 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 17:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004/09/29 15:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z129&ocid=zdhp&i ... e=20111130
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.xfinity.com/customer/start/? ... te09292011
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kevin\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/25 23:19:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/23 14:08:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/23 14:08:21 | 000,000,000 | ---D | M]

[2011/11/30 08:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900 File not found
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] File not found
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E47B999D-EBB8-4B61-981A-ACA8A0FF513D}: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/06 09:49:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a829fe7-fe61-11de-bc8c-001e90707575}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 16:40:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011/12/18 11:39:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/18 11:39:50 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/18 11:39:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/18 11:39:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/18 11:39:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/18 11:39:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/18 10:54:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/17 20:09:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Facebook
[2011/12/15 13:36:43 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 13:36:34 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 13:36:34 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 13:36:31 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 13:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 13:35:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/06 08:31:20 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/04 12:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/02 09:18:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\DriverCure
[2011/12/02 09:18:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\SpeedyPC Software
[2011/12/02 09:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2011/11/30 08:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/11/30 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2011/11/28 08:23:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/24 15:41:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\canon
[2011/11/24 15:37:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\ZoomBrowser EX
[2011/11/24 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011/11/24 15:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/11/24 15:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/11/24 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\Kevin\Desktop\*.tmp files -> C:\Users\Kevin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/19 16:40:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011/12/19 16:22:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/19 16:11:25 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 16:11:25 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 14:14:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000UA.job
[2011/12/18 23:22:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 20:14:06 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000Core.job
[2011/12/18 16:11:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 12:16:50 | 000,423,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/18 11:24:15 | 000,000,260 | ---- | M] () -- C:\Windows\System32\cmdVBS.vbs
[2011/12/18 11:24:15 | 000,000,256 | ---- | M] () -- C:\Windows\System32\MSIevent.bat
[2011/12/09 18:17:07 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/09 18:17:07 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/06 08:38:39 | 000,007,052 | ---- | M] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2011/12/06 08:31:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/24 15:12:24 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/11/24 15:11:37 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/11/24 15:11:35 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/11/24 15:10:57 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\Kevin\Desktop\*.tmp files -> C:\Users\Kevin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 20:09:34 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000UA.job
[2011/12/17 20:09:30 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000Core.job
[2011/11/24 15:12:24 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/11/24 15:11:37 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/11/24 15:11:35 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/11/24 15:10:57 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/08/23 14:07:29 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2011/01/12 18:20:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/24 19:14:18 | 000,004,096 | -H-- | C] () -- C:\Users\Kevin\AppData\Local\keyfile3.drm
[2009/11/20 17:05:08 | 000,007,052 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2009/11/20 17:04:56 | 000,000,024 | ---- | C] () -- C:\ProgramData\CinemaNowSvc.ini
[2009/09/18 06:03:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 06:03:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/09/18 02:00:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/11 21:35:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/09/11 21:32:24 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/07/06 17:44:48 | 000,029,260 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\UserTile.png
[2008/05/11 16:08:13 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2008/05/03 17:56:46 | 000,000,590 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2008/05/01 19:22:59 | 000,147,097 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/05/01 19:22:57 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/05/01 18:55:53 | 000,108,073 | ---- | C] () -- C:\Windows\hpqins01.dat
[2008/04/30 20:58:32 | 000,164,775 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/04/30 20:58:32 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/04/17 15:37:55 | 000,048,128 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/17 14:11:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/11 13:27:32 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/06 09:40:18 | 000,107,370 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/12/06 09:24:51 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/12/06 09:22:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/06 09:22:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/19 10:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,423,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/10/13 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Any Video Converter
[2011/11/24 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\canon
[2011/12/02 09:18:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DriverCure
[2010/02/10 21:27:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Facebook
[2010/07/31 17:24:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Leadertech
[2008/07/06 17:44:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\PeerNetworking
[2010/06/29 21:08:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Quicken WillMaker
[2011/06/25 22:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Samsung
[2008/04/04 16:16:55 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Snapfish
[2011/12/02 09:18:32 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SpeedyPC Software
[2011/07/05 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TechWizard
[2008/05/03 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Template
[2008/10/11 16:06:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WildTangent
[2008/05/18 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch
[2011/12/18 20:14:06 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000Core.job
[2011/12/19 14:14:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000UA.job
[2011/12/18 14:02:40 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
________________________________________________________________________________________________

OTL Extras logfile created on: 12/19/2011 4:43:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 216.47 Mb Available Physical Memory | 24.22% Memory free
2.00 Gb Paging File | 0.92 Gb Available in Paging File | 45.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.95 Gb Total Space | 43.29 Gb Free Space | 42.05% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.20 Gb Free Space | 13.53% Space Free | Partition Type: NTFS

Computer Name: CONNER | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED0A34B-AE2D-46F9-A2DA-C9CD3F5424D7}" = lport=5900 | protocol=6 | dir=in | name=arejygtw784 |
"{15F141E1-C651-45B9-BFD4-79CD2C6E4D38}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{185E53CB-435C-4CCD-B295-99E1F061AB42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18A11E86-8139-44D4-834A-166877B80A26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C3ADB37-A1A9-47DF-857B-C0288D150D09}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B1CA485-1E5E-4AB7-AEB9-620DB63E293F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D22D98B-B96D-4E9B-A384-F0B5A9BC0D5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A10A22F-8DD5-4A0E-9889-4CDC8ED1D280}" = lport=3390 | protocol=6 | dir=in | app=system |
"{3ECECE57-7315-4D28-882F-9B6D40D86D05}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3F199292-1DDF-4280-8650-36E7D1C17DAF}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4C1EEA3B-3B17-4246-927D-2B7EE32C0C82}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FF111A7-17A4-4E62-BF78-22E15EDACDB8}" = lport=3390 | protocol=6 | dir=in | app=system |
"{63671C0C-88C6-42B0-8DBA-5E73F6E041A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6800296D-95A6-4BB5-998F-1186468C9286}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69B3E754-1599-4C6C-95CC-9C5730C2E8C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{728262CC-8B6E-4431-A825-369C024D6266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BA8D53E-C33E-412A-94F4-9A372C368372}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83A44266-CF2D-40F7-A000-09DAA65C5F8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A05BF88-94BF-49B4-8DAD-877FEFEBAD4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C8720FF-BF3B-44A0-A142-7CA3EE517184}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9022BF86-83BE-4B62-9EB8-D9CCA38AB2C1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{94E1CBC1-389F-41BB-8D96-B5CDED26DE77}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{94E31D38-7864-4EC8-AEE5-D4CE8EFCB63B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9BA5DE78-ECFF-449A-A69F-80AC97C9C91E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E1F8B5D-670F-42ED-AC8F-A62CE6B8BEB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A00B818D-639C-468A-B348-43D02AACD69B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0E4D87A-90A1-4BC8-AEAF-6ACEF92D2B92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A577EB1A-4EF1-4B3D-B4C3-48EFA5264CFD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AEEB7BD1-51C8-4D0A-9906-0C2D463A457C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BEFDA72A-A117-41F8-8053-4AB7998A7F96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C975FB6C-3125-4114-BC3F-F09A4547B5D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9FB4A98-22A8-4755-973A-8A8866B69715}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D093C35C-B6ED-4813-B427-101662164112}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1246F6E-1299-4BC2-B978-558FCD728D6B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5F15B6C-D164-45FB-B7B9-59CCE6CDCA69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D641270C-B370-49C5-83CD-CC959DE33519}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D6E5504F-8C33-4F23-9199-7A956E2DA669}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E1D4E074-C1A8-48EF-8481-4BDC1980B449}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{E91D245A-08D0-4C11-9B7C-2F71DD10FDA6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F529F621-FB21-4CB0-9CF1-5A8E7FC15CA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F85A42BD-368A-48D6-882B-3588864FAC1D}" = rport=10244 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0247B87E-FD61-4390-8B5C-F9A9297AB231}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{03BBF7A8-654C-4F46-A4F9-DC52FE578B5E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{05361BBB-9772-48CD-9DF7-822A35F519D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FA23DA9-32CD-4944-86F3-CE28766A55C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{156DE949-22B9-4334-8225-CF2CA827CB80}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1E499903-9DEA-445E-ADEC-D821482E69BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F1EBF2F-84F0-4862-B561-E97412B78086}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2176C71C-4365-42EF-8B80-2DDE4059A3CB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{23D52A96-424E-4EB0-97D3-94AA13F43B7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CBBCCFC-CB04-4176-A73B-D815D11F1416}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{2E20E8CC-A348-43A4-B7C2-7F77B3288E9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{31967652-674A-478F-B0DD-09F7B17445F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{349147F5-D243-4C52-80D1-D630F6344787}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{357C0DA0-3CF6-420E-BC1F-3178CFA785F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38979077-B8BF-42A8-B4B0-4FCC7FC47721}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{3CF6EB73-0E88-4F6F-A01A-08DA8D1CC0CC}" = protocol=6 | dir=out | app=system |
"{4A083ACA-84AD-43E7-8A32-6FFFB9A27B66}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4C89E2BD-E65B-428A-B1FC-717F1653D386}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{4E4FD12A-7E5C-43C9-B400-B73788187AC2}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{57D507B2-3A86-4648-869B-752DFF60EB40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{5FC63794-CA34-45E0-9BA5-1A9A5FE0D00B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AFD231E-A76F-4925-8A32-2B09E5708053}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E9F2245-4626-4626-82C8-5289E8B79590}" = protocol=17 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{729AAB78-B282-412C-B70F-7930A8BE3865}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81150EF4-C9BC-442F-A672-B74CFD514636}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{84D9AFA6-60F3-472B-B7E1-6F5B82B1F492}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{872F7578-0E64-4ACF-B0FC-DA0822031106}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{905870E9-CB2B-4FBF-B808-448119E0D51A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{937E70DB-F7B4-46F7-BE49-23825EC5447A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9774C23F-8914-4A73-9E97-F0038F2AA052}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B72E89E-CA8F-4F6C-921D-A23878D0EC6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A103BA68-B0CF-404B-B3FB-C690B691B7A9}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{A32B85FE-59E1-4C67-8362-B41934F2692C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A3C5D3D7-570A-4E94-8897-6C16E4289B16}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B08C9E18-CD90-4462-8F8F-EF536A3ABA97}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{B800253B-6F42-4689-947D-5A326C065CF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{B861C5B1-0C38-4575-93CB-6826C8C334F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9E42C76-F881-4E10-9FBB-756AA5B0B73D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C09C8A67-895B-4CD6-B959-1A5B4E46AA7E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C77F4B02-4DFF-4B40-853D-6D2098DA49CE}" = protocol=6 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{C9103999-7915-42C7-A7C9-1407E7426590}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC0D2874-E1B0-4A85-A114-A7B644D82E0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D21A7DA1-4A30-484D-9AFF-A191B676B659}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D4AA08A2-8343-43B2-9D2D-1A5890772F56}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DEFFBFA7-F451-4C3A-9DC4-D751BB790295}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{E19BA1EA-7073-4256-8E42-6FF50200A7F2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E3C94DB1-C208-4500-B8E4-C6F1D6CA6AB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{E6416419-53D8-41F2-A49C-468AFE4304BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{E89BE4CD-8D56-412A-881D-DB9477FE43A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E920671E-18DD-4863-8C60-31F502B7A34D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{EA5CC671-45E5-4D71-8FD5-29E800B70503}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EC87BA5A-BE4E-4C3F-8C86-7EECA93AECE4}" = protocol=6 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cnupdater.exe |
"{EEDBF9B1-E1F0-4B4C-9B0A-F49A8499161D}" = protocol=17 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cnupdater.exe |
"{F04A2D95-78F7-433B-94D7-98BBEE59E413}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{F204B556-E2C6-4C0E-ABFF-428F5A8281AF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F2E349B1-8861-47BE-B2F5-A5BEEE8C94FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F720CCB7-535A-488B-9E1F-4A6915A3C164}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{FCFA3356-D092-4096-8342-F75CA3CDBA12}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{FF27CB8B-843F-42AE-BAFA-676670479CDD}" = dir=in | app=c:\users\kevin\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{1296F66A-5FD1-49EE-9869-FDCC16CCCC3C}C:\program files\steam\steamapps\gunn3rzer0\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\gunn3rzer0\half-life\hl.exe |
"TCP Query User{5F71CB5F-9BCA-437E-BE2A-11436A4DA2AE}C:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{660A1403-59E8-4EBB-92B7-AF86A9E372FF}J:\techwizard.exe" = protocol=6 | dir=in | app=j:\techwizard.exe |
"TCP Query User{93E3F2B5-70F1-48B5-B57A-4A19D8E15273}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0D5C37B-068A-440E-B31B-F517CFE3AACF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D0510EF3-5C88-4960-9590-22C060408538}C:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{4365C50E-D419-44D3-B721-4763D3A17079}J:\techwizard.exe" = protocol=17 | dir=in | app=j:\techwizard.exe |
"UDP Query User{73A33DF5-4DF2-4DD4-8CE6-74F8A054C3C9}C:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{8AB0EE02-2D6A-491F-AA1B-96FD2C4746E5}C:\program files\steam\steamapps\gunn3rzer0\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\gunn3rzer0\half-life\hl.exe |
"UDP Query User{8FF92EC7-F00A-4DCE-94AC-CEE5076D8F21}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A5828AC3-AACE-4A2D-9AB1-7CD8DD158E44}C:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{E331089B-7D19-494F-AA62-05E28E553D27}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 29
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9FA93155-472F-4778-87A8-95244FD1535D}" = OLYMPUS Master 2
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belarc Advisor" = Belarc Advisor 7.2
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Google Updater" = Google Updater
"Hoyle Crosswords-Sudoku" = Hoyle Crosswords-Sudoku
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Quicken WillMaker 2010" = Quicken WillMaker 2010
"RealVNC_is1" = VNC Free Edition 4.1.2
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 5" = Dedicated Server
"Steam App 70" = Half-Life
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"xfin_portal" = XFINITY Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2011 6:33:15 PM | Computer Name = Conner | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13e4 Start Time: 01cc59f49b855c90 Termination Time: 11574

Error - 8/17/2011 3:56:09 PM | Computer Name = Conner | Source = MsiInstaller | ID = 11905
Description =

Error - 8/19/2011 9:41:35 AM | Computer Name = Conner | Source = Application Error | ID = 1000
Description = Faulting application hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f,
faulting module hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f, exception
code 0xc0000005, fault offset 0x0003f1c9, process id 0x1344, application start time
0x01cc5e75ae513457.

Error - 8/23/2011 3:45:26 PM | Computer Name = Conner | Source = VSS | ID = 8194
Description =

Error - 8/31/2011 9:09:10 PM | Computer Name = Conner | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f08 Start Time: 01cc684396687e79 Termination Time: 10

Error - 9/2/2011 7:56:05 AM | Computer Name = Conner | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: dbc Start Time: 01cc6966f273c500 Termination Time: 330

Error - 9/2/2011 9:05:15 AM | Computer Name = Conner | Source = Application Error | ID = 1000
Description = Faulting application hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f,
faulting module hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f, exception
code 0xc0000005, fault offset 0x0003f1c9, process id 0x11c4, application start time
0x01cc6970cb1ef7e0.

Error - 9/4/2011 4:03:50 PM | Computer Name = Conner | Source = Application Error | ID = 1000
Description = Faulting application stxmenumgr.exe, version 4.7.0.10, time stamp
0x4abdb427, faulting module MSVCR80.dll, version 8.0.50727.6195, time stamp 0x4dcddbf3,
exception code 0x40000015, fault offset 0x000046b4, process id 0xa2c, application
start time 0x01cc6966b7d80be0.

Error - 9/9/2011 9:04:27 AM | Computer Name = Conner | Source = Application Error | ID = 1000
Description = Faulting application hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f,
faulting module hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f, exception
code 0xc0000005, fault offset 0x0003f1c9, process id 0x148c, application start time
0x01cc6ef0f261bdc0.

Error - 9/15/2011 6:12:08 AM | Computer Name = Conner | Source = Windows Search Service | ID = 7040
Description =

[ Media Center Events ]
Error - 5/30/2008 5:31:21 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 11:26:25 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 1:15:17 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/4/2008 3:23:53 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 2:00:21 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/10/2008 5:38:36 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/25/2008 5:45:53 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/8/2008 3:31:42 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/22/2008 3:09:18 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/5/2010 8:46:32 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/18/2011 11:43:30 AM | Computer Name = Conner | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:42:55 AM on 12/18/2011 was unexpected.

Error - 12/18/2011 11:45:53 AM | Computer Name = Conner | Source = Service Control Manager | ID = 7022
Description =

Error - 12/18/2011 11:45:53 AM | Computer Name = Conner | Source = Service Control Manager | ID = 7026
Description =

Error - 12/18/2011 1:19:45 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7022
Description =

Error - 12/18/2011 1:19:45 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7026
Description =

Error - 12/18/2011 3:06:36 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7022
Description =

Error - 12/18/2011 3:06:37 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7026
Description =

Error - 12/18/2011 5:11:16 PM | Computer Name = Conner | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:36:01 PM on 12/18/2011 was unexpected.

Error - 12/18/2011 5:13:30 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7022
Description =

Error - 12/18/2011 5:13:32 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7026
Description =


< End of report >
_________________________________________________________________________________________________

SystemLook 30.07.11 by jpshortstuff
Log created at 16:53 on 19/12/2011 by Kevin
Administrator - Elevation successful

========== Filefind ==========

Searching for "*mpdetection*"
C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPDetection-10132011-010903.log --a---- 14378 bytes [05:09 13/10/2011] [01:44 17/11/2011] C6F6100E4EFF7D600619C863D71490EA
C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPDetection-11172011-082450.log --a---- 25692 bytes [13:24 17/11/2011] [04:59 18/12/2011] F80BFF5DB768507BAFBCB8C015B81C93
C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPDetection-12182011-104329.log --a---- 2380 bytes [15:43 18/12/2011] [21:21 19/12/2011] EB092582FD2C2F8E49F0C73A691FD42C
C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-10132011-010903.log --a---- 14378 bytes [05:09 13/10/2011] [01:44 17/11/2011] C6F6100E4EFF7D600619C863D71490EA
C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-11172011-082450.log --a---- 25692 bytes [13:24 17/11/2011] [04:59 18/12/2011] F80BFF5DB768507BAFBCB8C015B81C93
C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12182011-104329.log --a---- 2380 bytes [15:43 18/12/2011] [21:21 19/12/2011] EB092582FD2C2F8E49F0C73A691FD42C

-= EOF =-

_________________________________________________________________________________________________

-Jaded
Jaded
Active Member
 
Posts: 5
Joined: December 18th, 2011, 2:02 pm

Re: Malware/Virus help

Unread postby askey127 » December 19th, 2011, 7:38 pm

Jaded:
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Comcast Desktop Software (v1.2.0.9)

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    O3 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKLM..\Run: [CinemaNowMediaManagerApp] File not found
    O15 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
    
    :Files
    C:\ProgramData\SpeedyPC Software
    C:\Users\Kevin\AppData\Roaming\SpeedyPC Software
    C:\Windows\pss
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Run another Scan With SystemLook
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :content
    C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12182011-104329.log
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

So we are looking for the contents of systemlook.txt and the contents of OTL.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware/Virus help

Unread postby Jaded » December 20th, 2011, 3:55 pm

askey127

Just wanted to let you know that when I ran the OTL fix my computer froze the first time (had to manually turn my computer off) and then when the computer restarted a notepad file popped up and then my computer froze again. But, after another restart this notepad file popped up.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-615362757-4080515931-4032410649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-615362757-4080515931-4032410649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CinemaNowMediaManagerApp not found.
Registry key HKEY_USERS\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cinemanow.com\ not found.
Registry key HKEY_USERS\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cinemanow.com\ not found.
========== FILES ==========
File\Folder C:\ProgramData\SpeedyPC Software not found.
File\Folder C:\Users\Kevin\AppData\Roaming\SpeedyPC Software not found.
File\Folder C:\Windows\pss not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kevin\Desktop\Computer FIX programs\cmd.bat deleted successfully.
C:\Users\Kevin\Desktop\Computer FIX programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kevin
->Temp folder emptied: 165358 bytes
->Temporary Internet Files folder emptied: 6425367 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 689 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 587030501 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 566.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.2.31.0 log created on 12202011_142527

Files\Folders moved on Reboot...
File\Folder C:\Users\Kevin\AppData\Local\Temp\~DF1422.tmp not found!
File\Folder C:\Users\Kevin\AppData\Local\Temp\~DF1456.tmp not found!
File\Folder C:\Users\Kevin\AppData\Local\Temp\~DF14D2.tmp not found!
File\Folder C:\Users\Kevin\AppData\Local\Temp\~DF14E1.tmp not found!
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4AK0C4WA\ev[1].htm moved successfully.
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4AK0C4WA\owa[1].htm moved successfully.
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


_____________________________________________________________________

I just wanted to let you know that that happened before I Was able to get the scans you requested. Here they are:

OTL logfile created on: 12/20/2011 2:39:20 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop\Computer FIX programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 230.94 Mb Available Physical Memory | 25.84% Memory free
2.01 Gb Paging File | 0.89 Gb Available in Paging File | 44.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.95 Gb Total Space | 44.87 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.20 Gb Free Space | 13.53% Space Free | Partition Type: NTFS

Computer Name: CONNER | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 16:40:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\Computer FIX programs\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 22:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (CinemaNow Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/10/09 20:59:37 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 14:29:45 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0ABD9DE1-1B92-4821-A631-6DFFD167A8B9}\MpKslc74f0693.sys -- (MpKslc74f0693)
DRV - [2011/12/20 14:06:10 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0ABD9DE1-1B92-4821-A631-6DFFD167A8B9}\MpKsl5e128a4e.sys -- (MpKsl5e128a4e)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/28 02:07:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/11/13 20:20:48 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 17:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004/09/29 15:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z129&ocid=zdhp&i ... e=20111130
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.xfinity.com/customer/start/? ... te09292011
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kevin\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/25 23:19:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/23 14:08:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/23 14:08:21 | 000,000,000 | ---D | M]

[2011/11/30 08:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2011/12/20 14:27:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900 File not found
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E47B999D-EBB8-4B61-981A-ACA8A0FF513D}: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/06 09:49:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a829fe7-fe61-11de-bc8c-001e90707575}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 13:43:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/19 17:05:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Computer FIX programs
[2011/12/17 20:09:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Facebook
[2011/12/04 12:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/02 09:18:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\DriverCure
[2011/11/30 08:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/11/30 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2011/11/28 08:23:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/24 15:41:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\canon
[2011/11/24 15:37:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\ZoomBrowser EX
[2011/11/24 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011/11/24 15:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/11/24 15:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/11/24 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[3 C:\Users\Kevin\Desktop\*.tmp files -> C:\Users\Kevin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/20 14:30:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 14:30:07 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 14:30:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 14:29:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 14:27:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/20 14:22:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 11:14:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000UA.job
[2011/12/19 20:14:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000Core.job
[2011/12/18 12:16:50 | 000,423,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/18 11:24:15 | 000,000,260 | ---- | M] () -- C:\Windows\System32\cmdVBS.vbs
[2011/12/18 11:24:15 | 000,000,256 | ---- | M] () -- C:\Windows\System32\MSIevent.bat
[2011/12/09 18:17:07 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/09 18:17:07 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/06 08:38:39 | 000,007,052 | ---- | M] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2011/11/24 15:12:24 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/11/24 15:11:37 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/11/24 15:11:35 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/11/24 15:10:57 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[3 C:\Users\Kevin\Desktop\*.tmp files -> C:\Users\Kevin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 20:09:34 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000UA.job
[2011/12/17 20:09:30 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000Core.job
[2011/11/24 15:12:24 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/11/24 15:11:37 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/11/24 15:11:35 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/11/24 15:10:57 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/08/23 14:07:29 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2011/01/12 18:20:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/24 19:14:18 | 000,004,096 | -H-- | C] () -- C:\Users\Kevin\AppData\Local\keyfile3.drm
[2009/11/20 17:05:08 | 000,007,052 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2009/11/20 17:04:56 | 000,000,024 | ---- | C] () -- C:\ProgramData\CinemaNowSvc.ini
[2009/09/18 06:03:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 06:03:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/09/18 02:00:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/11 21:35:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/09/11 21:32:24 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/07/06 17:44:48 | 000,029,260 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\UserTile.png
[2008/05/11 16:08:13 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2008/05/03 17:56:46 | 000,000,590 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2008/05/01 19:22:59 | 000,147,097 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/05/01 19:22:57 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/05/01 18:55:53 | 000,108,073 | ---- | C] () -- C:\Windows\hpqins01.dat
[2008/04/30 20:58:32 | 000,164,775 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/04/30 20:58:32 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/04/17 15:37:55 | 000,048,128 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/17 14:11:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/11 13:27:32 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/06 09:40:18 | 000,107,370 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/12/06 09:24:51 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/12/06 09:22:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/06 09:22:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/19 10:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,423,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/10/13 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Any Video Converter
[2011/11/24 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\canon
[2011/12/02 09:18:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DriverCure
[2010/02/10 21:27:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Facebook
[2010/07/31 17:24:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Leadertech
[2008/07/06 17:44:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\PeerNetworking
[2010/06/29 21:08:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Quicken WillMaker
[2011/06/25 22:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Samsung
[2008/04/04 16:16:55 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Snapfish
[2011/07/05 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TechWizard
[2008/05/03 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Template
[2008/10/11 16:06:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WildTangent
[2008/05/18 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch
[2011/12/19 20:14:01 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000Core.job
[2011/12/20 11:14:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000UA.job
[2011/12/20 14:27:55 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
_____________________________________________________________________

SystemLook 30.07.11 by jpshortstuff
Log created at 14:49 on 20/12/2011 by Kevin
Administrator - Elevation successful

Invalid Context: content

No Context: C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12182011-104329.log

-= EOF =-

_____________________________________________________________________

I don't know if that last scan worked b/c you said it should take a few mins and mine came up almost instantly. Please let me know if I did something wrong. All I did was copy and paste

:content
C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12182011-104329.log


Into the main text box and the above is what came up. Like I said, let me know if I did something wrong. Thanks!

-Jaded
Jaded
Active Member
 
Posts: 5
Joined: December 18th, 2011, 2:02 pm

Re: Malware/Virus help

Unread postby askey127 » December 20th, 2011, 5:57 pm

That was a typo of mine. Sorry.
In SystemLook, use
:contents
C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12182011-104329.log

Have the OP get it for you.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware/Virus help

Unread postby Jaded » December 20th, 2011, 6:21 pm

No worries...typos happen.
_______________________________________________________________________________
SystemLook 30.07.11 by jpshortstuff
Log created at 17:19 on 20/12/2011 by Kevin
Administrator - Elevation successful

========== contents ==========

C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12182011-104329.log - Opened succesfully.

ÿþ2011-12-18T15:43:30.292Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-18T15:43:42.341Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
2011-12-18T17:13:10.744Z Service stopped with exit code 0x0
2011-12-18T17:16:55.856Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-18T17:17:21.453Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
2011-12-18T19:02:27.721Z Service stopped with exit code 0x0
2011-12-18T19:04:30.765Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-18T19:04:41.052Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
2011-12-18T21:11:16.073Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-18T21:11:28.902Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
2011-12-19T21:21:13.292Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1361.0 AV 1.117.1361.0
2011-12-20T18:13:06.233Z Service stopped with exit code 0x0
2011-12-20T18:17:10.726Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T18:17:20.571Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1361.0 AV 1.117.1361.0
2011-12-20T19:05:49.227Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T19:06:10.481Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1361.0 AV 1.117.1361.0
2011-12-20T19:15:30.892Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T19:15:41.356Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1361.0 AV 1.117.1361.0
2011-12-20T19:27:49.298Z Service stopped with exit code 0x0
2011-12-20T19:29:36.850Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T19:29:45.076Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1361.0 AV 1.117.1361.0
2011-12-20T20:43:50.970Z Service stopped with exit code 0x0
2011-12-20T20:51:39.852Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T20:51:46.932Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1361.0 AV 1.117.1361.0
2011-12-20T20:57:00.854Z Service stopped with exit code 0x0
2011-12-20T20:58:21.615Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T20:59:11.685Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1361.0 AV 1.117.1361.0
2011-12-20T21:59:28.362Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1455.0 AV 1.117.1455.0


-= EOF =-
_______________________________________________________________________________

THere ya go.

- Jaded
Jaded
Active Member
 
Posts: 5
Joined: December 18th, 2011, 2:02 pm

Re: Malware/Virus help

Unread postby askey127 » December 22nd, 2011, 7:41 am

Jaded,
The Comcast Anti-Spy software may have a conflict with Microsoft antivirus
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Comcast Desktop Software (v1.2.0.9)

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    O4 - HKCU..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Let me know how it's running. I don't see any malware as such.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware/Virus help

Unread postby Jaded » December 23rd, 2011, 3:42 pm

hey, the machine is running a lot better/faster than before. Thanks a ton!

Here is the log

_______________________________________________________________________________
All processes killed
========== OTL ==========
Error: Unable to stop service AntiSpywareService!
Service AntiSpywareService deleted successfully!
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14\ deleted successfully.
C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Software deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kevin\Desktop\Computer FIX programs\cmd.bat deleted successfully.
C:\Users\Kevin\Desktop\Computer FIX programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kevin
->Temp folder emptied: 17003418 bytes
->Temporary Internet Files folder emptied: 313083105 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 922 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14031388 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 328.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 12232011_142752

Files\Folders moved on Reboot...
File\Folder C:\Users\Kevin\AppData\Local\Temp\~DFEE27.tmp not found!
File\Folder C:\Users\Kevin\AppData\Local\Temp\~DFEE2E.tmp not found!
File\Folder C:\Users\Kevin\AppData\Local\Temp\~DFEE77.tmp not found!
File\Folder C:\Users\Kevin\AppData\Local\Temp\~DFEE7D.tmp not found!
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SERAMM99\ev[1].htm moved successfully.
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\111CHUFR\owa[1].htm moved successfully.
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...
_______________________________________________________________________________

-Jaded
Jaded
Active Member
 
Posts: 5
Joined: December 18th, 2011, 2:02 pm

Re: Malware/Virus help

Unread postby askey127 » December 23rd, 2011, 4:23 pm

Jaded,
I think you are in pretty good shape.
If you open OTL again and click on The CleanUp button it will remove itself and most of the tools we used.
If it doesn't remove SystemLook, you can delete that yourself from the desktop.
Good luck !
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware/Virus help

Unread postby askey127 » December 25th, 2011, 9:13 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 58 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware