04-Aug-2012, 07:18 PM
#1
Need help restoring Firewall after downloading MyPoints tool bar

I've downloaded "MyPoints" tool bar which appears to be working properly (the good news) but the bad news is that I am now unable to turn on "Real time protection" in Microsoft Security Essentials. When I click "turn on", after about one minute I get an error message with this error code: 0x800705b4

If I try to turn on the Firewall in the MS Security Center (Windows XP) I get the message "Due to an unidentified problem, Windows cannot display Windows Firewall settings".

Per your New User instructions here are the contents of the files I've saved:

hijackthis file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:48:23 PM, on 8/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Fran\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [lapqeteazore] C:\Documents and Settings\Fran\lapqeteazore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1343845315984
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 9061 bytes

DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Fran at 16:52:16 on 2012-08-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.325 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
svchost.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://espn.go.com/motion/detect.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [lapqeteazore] c:\documents and settings\fran\lapqeteazore.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
uPolicies-explorer: NoInstrumentation = 1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343845315984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.5.1
TCP: Interfaces\{84C880AF-422F-43A8-9AA6-C4C54C16BC72} : DhcpNameServer = 192.168.5.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fran\application data\mozilla\firefox\profiles\y5ng535c.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-1-30 793048]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2011-12-1 472644]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
S1 mkhbclcj;mkhbclcj;\??\c:\windows\system32\drivers\mkhbclcj.sys --> c:\windows\system32\drivers\mkhbclcj.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2011-12-15 250056]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
.
=============== Created Last 30 ================
.
2012-08-03 14:25:10 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-08-03 14:25:06 -------- d-----w- c:\program files\Security Task Manager
2012-08-01 20:30:41 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a15f85f-8b54-486b-9e80-aa19366506d6}\offreg.dll
2012-08-01 18:15:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-01 18:15:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-01 17:33:15 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a15f85f-8b54-486b-9e80-aa19366506d6}\mpengine.dll
2012-08-01 17:30:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-01 15:41:31 -------- d-----w- c:\windows\system32\MpEngineStore
2012-08-01 14:54:55 -------- d-----w- c:\documents and settings\fran\application data\ElevatedDiagnostics
2012-08-01 14:21:42 71008 ----a-w- c:\windows\system32\drivers\40f4961a9b556c6e.sys
2012-08-01 13:28:30 90584 ----a-w- c:\documents and settings\fran\lapqeteazore.exe
2012-07-06 00:45:34 5030088 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-08-03 15:42:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 15:42:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 21:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 21:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 21:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 18:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 16:52:54.53 ===============

Attach.txt is attached

ark file:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-04 17:03:37
Windows 5.1.2600 Service Pack 3
Running: y109j7yk.exe

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\Drivers\40f4961a9b556c6e.sys (*** hidden *** ) [BOOT] 40f4961a9b556c6e <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\40f4961a9b556c6e@ImagePath \SystemRoot\System32\Drivers\40f4961a9b556c6e.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\40f4961a9b556c6e@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\40f4961a9b556c6e@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\40f4961a9b556c6e@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\40f4961a9b556c6e@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\40f4961a9b556c6e@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\40f4961a9b556c6e@DisplayName lapqeteazore.exe
Reg HKLM\SYSTEM\ControlSet003\Services\40f4961a9b556c6e@ImagePath \SystemRoot\System32\Drivers\40f4961a9b556c6e.sys
Reg HKLM\SYSTEM\ControlSet003\Services\40f4961a9b556c6e@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\40f4961a9b556c6e@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\40f4961a9b556c6e@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\40f4961a9b556c6e@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\40f4961a9b556c6e@Tag 1
Reg HKLM\SYSTEM\ControlSet003\Services\40f4961a9b556c6e@DisplayName lapqeteazore.exe

---- EOF - GMER 1.0.15 ----

Many thanks in advance for any advice I can get as to how to restore my security. Of course, I am quite OK removing the MyPoints toolbar as part of this fix.

fsumm
05-Aug-2012, 12:39 PM
#2

Hello there

My name is [Jimbo] and I will be helping you. Please give me some time to look over your computer's log(s). You may want to keep the link to this topic in your favourites. Alternatively, you can visit this website and check through your account. Please take note of the following guidelines in the meantime:
06-Aug-2012, 10:17 AM
#3

Hi there. Sorry for the delay.

Please download and run Combo Fix.

Download ComboFix from this location: Link 1

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications

====================================================

Double click on ComboFix.exe & follow the prompts.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
08-Aug-2012, 10:15 AM
#8

Hi, sorry for the delay. Please download this tool as it provides a removal feature we can use later on.

Download and run OTL
08-Aug-2012, 01:29 PM
#9

OTL.txt

OTL logfile created on: 8/8/2012 11:21:10 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Fran\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 305.59 Mb Available Physical Memory | 29.90% Memory free
2.40 Gb Paging File | 1.80 Gb Available in Paging File | 74.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 118.17 Gb Free Space | 81.88% Space Free | Partition Type: NTFS

Computer Name: FRAN-A706F34BFF | User Name: Fran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/08 11:20:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fran\My Documents\Downloads\OTL.exe
PRC - [2012/07/18 08:07:48 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/22 09:00:00 | 005,513,216 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
PRC - [2005/12/22 09:00:00 | 000,026,112 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
PRC - [2005/11/28 13:04:12 | 000,106,551 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\Ir.exe
PRC - [2005/03/22 18:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 04:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/03 09:42:10 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/18 08:07:35 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/11/05 09:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
MOD - [2004/10/04 05:46:50 | 000,147,456 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
MOD - [2004/10/04 04:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/08/03 09:42:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 08:07:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/12 15:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 04:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mkhbclcj.sys -- (mkhbclcj)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Fran\LOCALS~1\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/25 15:14:06 | 000,472,644 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWBT8XX.sys -- (HCWBT8xx)
DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\..\SearchScopes\{06CDF0F0-D884-4C8F-8E81-37639E1560E8}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=150E17C7-C963-41E7-B4D8-87DDBCCDAD16&apn_sauid=51C0B9D7-B9F4-440B-849D-0C85A002F210
IE - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "data%3Atext/plain%2Cbrowser.startup.homepage%3Dhttp%3A//search.yahoo.com/firefox/%3Ffr%3Dyff80-sfp"
FF - prefs.js..browser.startup.homepage: "data%3Atext/plain%2Cbrowser.startup.homepage%3Dhttp%3A//search.yahoo.com/firefox/%3Ffr%3Dyff80-sfp"
FF - prefs.js..keyword.URL: "https://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\mozilla firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 08:07:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/01 11:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fran\Application Data\Mozilla\Extensions [2012/07/31 22:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\extensions [2012/05/29 06:31:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/04/23 09:44:20 | 000,002,580 | ---- | M] () -- C:\Documents and Settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\searchplugins\askcom.xml [2012/07/31 22:29:21 | 000,004,772 | ---- | M] () -- C:\Documents and Settings\Fran\Application Data\Mozilla\Firefox\Profiles\y5ng535c.default\searchplugins\web-search.xml [2012/06/25 08:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/07/24 11:32:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/12/01 11:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions [2011/12/01 11:17:05 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/07/31 22:23:55 | 000,556,911 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y5NG535C.DEFAULT\EXTENSIONS\{51EF49D2-624B-4194-8B97-1C468E9B0EFE}.XPI [2012/07/18 08:07:55 | 000,553,826 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y5NG535C.DEFAULT\EXTENSIONS\{758D6AEB-75E4-9F24-FD49-51B640ADD07F}.XPI [2012/07/18 08:07:49 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/12 09:29:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/12 09:29:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google rigi nalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:ins tantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Fran\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Fran\Local Settings\Application Data\Google\Chrome\Application\17.0.963.6\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents 
and Settings\Fran\Local Settings\Application Data\Google\Chrome\Application\17.0.963.6\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Fran\Local Settings\Application Data\Google\Chrome\Application\17.0.963.6\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Documents and Settings\Fran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google Search = C:\Documents and Settings\Fran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Gmail = C:\Documents and Settings\Fran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2012/08/06 10:28:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1547161642-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1343845315984 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84C880AF-422F-43A8-9AA6-C4C54C16BC72}: DhcpNameServer = 192.168.5.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Fran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/11/30 10:01:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/08/06 11:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fran\Desktop\2012_08_06 [2012/08/06 10:19:03 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/08/06 10:16:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/08/06 10:16:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/08/06 10:16:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/08/06 10:16:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/08/06 10:15:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/06 10:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/08/04 16:52:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fran\Start Menu\Programs\Administrative Tools [2012/08/03 08:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2012/08/03 08:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager 
[2012/08/03 08:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2012/08/01 11:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/08/01 11:19:25 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012/08/01 09:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore [2012/08/01 08:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fran\Application Data\ElevatedDiagnostics [2012/08/01 08:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2012/08/01 08:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2012/08/01 08:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2012/08/01 07:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2012/07/19 15:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fran\Desktop\hutch fusion [2012/07/19 15:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fran\Desktop\New Folder [2012/07/11 07:09:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/08 11:21:54 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/08/08 11:21:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/08/08 11:15:20 | 000,689,028 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\July expenses.pdf [2012/08/08 11:11:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/08/08 08:05:26 | 003,103,536 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\hansen elite.pdf [2012/08/08 07:57:35 | 000,000,420 | -H-- | M] () -- 
C:\WINDOWS\tasks\User_Feed_Synchronization-{D788EB22-BD64-424F-B03D-4A6C0C682E5D}.job [2012/08/08 07:52:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/08/06 21:42:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/08/06 11:47:15 | 001,477,343 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\Receipts July.pdf [2012/08/06 11:21:55 | 002,076,167 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\Cover Wells July.pdf [2012/08/06 10:28:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/08/06 10:12:32 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/08/03 13:51:02 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job [2012/08/03 09:42:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/08/03 09:42:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/08/01 19:00:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2012/07/28 17:47:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/07/19 22:48:30 | 000,115,323 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\Summer harvest.jpg [2012/07/19 22:46:42 | 000,115,522 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\sand dune.jpg [2012/07/18 08:00:44 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/07/17 22:25:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/08 11:15:18 | 000,689,028 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\July expenses.pdf [2012/08/08 08:04:00 | 003,103,536 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\hansen elite.pdf [2012/08/06 11:47:12 | 001,477,343 | ---- | C] () -- 
C:\Documents and Settings\Fran\Desktop\Receipts July.pdf [2012/08/06 11:21:46 | 002,076,167 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\Cover Wells July.pdf [2012/08/06 10:19:04 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/08/06 10:16:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/08/06 10:16:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/08/06 10:16:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/08/06 10:16:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/08/06 10:16:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/08/01 13:01:36 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job [2012/08/01 11:40:47 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/08/01 11:30:49 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/07/19 22:48:30 | 000,115,323 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\Summer harvest.jpg [2012/07/19 22:46:41 | 000,115,522 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\sand dune.jpg [2012/07/16 08:03:58 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/03/12 20:17:07 | 000,025,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012/02/16 09:24:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/30 23:51:09 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe [2012/01/19 22:38:56 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2011/12/05 15:52:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011/12/05 15:37:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2011/12/02 23:07:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Fran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/01 10:22:30 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini [2011/12/01 10:22:12 | 
000,029,637 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2011/12/01 10:21:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll [2011/12/01 10:20:32 | 000,003,354 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2011/12/01 09:00:57 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2011/12/01 09:00:27 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011/11/30 10:21:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Fran\Local Settings\Application Data\fusioncache.dat [2011/11/30 10:05:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/11/30 09:56:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/11/30 02:49:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/11/30 02:48:08 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT < End of report > Extras.Txt OTL Extras logfile created on: 8/8/2012 11:21:10 AM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Fran\My Documents\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1022.09 Mb Total Physical Memory | 305.59 Mb Available Physical Memory | 29.90% Memory free 2.40 Gb Paging File | 1.80 Gb Available in Paging File | 74.88% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.32 Gb Total Space | 118.17 Gb Free Space | 81.88% Space Free | Partition Type: NTFS Computer Name: FRAN-A706F34BFF | User Name: Fran | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1547161642-688789844-1801674531-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil e] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf ile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour 
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}" = SnagIt 8 "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{C09377D8-DB6A-42B9-9EBE-A670D0ABDB4F}" = AGEIA PhysX v6.11.13 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "All ATI Software" = ATI - Software Uninstall 
Utility
"ATI Display Driver" = ATI Display Driver
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ESPNMotion" = ESPNMotion
"F7BEB6FC52AF79E7930BED99BF6B681F4C370550" = Windows Driver Package - AGEIA Technologies, Inc. (athena) AGEIAHardware (11/09/2006 1.0.6)
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV Source Selector" = Hauppauge WinTV Source Selector
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Online Manuals for WinTV (English)" = Online Manuals for WinTV (English)
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Security Task Manager" = Security Task Manager 1.8d
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2012 8:34:51 AM | Computer Name = FRAN-A706F34BFF | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) Hauppauge WinTV TvTuner

Error - 4/9/2012 1:09:56 PM | Computer Name = FRAN-A706F34BFF | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) Hauppauge WinTV TvTuner

Error - 4/9/2012 4:13:42 PM | Computer Name = FRAN-A706F34BFF | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) Hauppauge WinTV TvTuner

Error - 4/9/2012 4:34:07 PM | Computer Name = FRAN-A706F34BFF | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) Hauppauge WinTV TvTuner

Error - 4/9/2012 4:51:18 PM | Computer Name = FRAN-A706F34BFF | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2012 4:51:20 PM | Computer Name = FRAN-A706F34BFF | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2012 8:07:50 AM | Computer Name = FRAN-A706F34BFF | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) Hauppauge WinTV TvTuner

Error - 4/11/2012 12:34:16 AM | Computer Name = FRAN-A706F34BFF | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2012 12:34:33 AM | Computer Name = FRAN-A706F34BFF | Source = Application Hang | ID = 1001
Description = Fault bucket 2058867196.

Error - 4/11/2012 10:01:26 AM | Computer Name = FRAN-A706F34BFF | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) Hauppauge WinTV TvTuner

[ System Events ]
Error - 8/6/2012 12:03:09 PM | Computer Name = FRAN-A706F34BFF | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: %%837

Error - 8/6/2012 12:04:25 PM | Computer Name = FRAN-A706F34BFF | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: %%1060

Error - 8/6/2012 12:13:11 PM | Computer Name = FRAN-A706F34BFF | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1168.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

Error - 8/6/2012 12:15:21 PM | Computer Name = FRAN-A706F34BFF | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

Error - 8/6/2012 12:16:28 PM | Computer Name = FRAN-A706F34BFF | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056

Error - 8/6/2012 12:20:36 PM | Computer Name = FRAN-A706F34BFF | Source = Service Control Manager | ID = 7034
Description = The Photoshop Elements Device Connect service terminated unexpectedly. It has done this 1 time(s).

Error - 8/6/2012 12:20:36 PM | Computer Name = FRAN-A706F34BFF | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor service terminated unexpectedly. It has done this 1 time(s).

Error - 8/6/2012 12:26:57 PM | Computer Name = FRAN-A706F34BFF | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_40F4961A9B556C6E\0000 disappeared from the system without first being prepared for removal.

Error - 8/6/2012 12:30:19 PM | Computer Name = FRAN-A706F34BFF | Source = Service Control Manager | ID = 7022
Description = The SharedAccess service hung on starting.

Error - 8/8/2012 9:52:57 AM | Computer Name = FRAN-A706F34BFF | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.5.194 with the system having network hardware address 18:20:32:2A 4:40. Network operations on this system may be disrupted as a result.

< End of report >
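The System Events section of the pasted report is where the symptom shows up (Antimalware 3002 and 2001, Service Control Manager 7022 for SharedAccess and 7032 for WMI). As an added example that is not part of the thread or of OTL, this Python script splits a run-together OTL error dump into entries and flags those event ids; the sample text is constructed from the report's own entries, and the triage table is my own mapping of source/id pairs, not something OTL provides.

```python
import re

# Constructed sample in the OTL "Last 20 Event Log Errors" layout, entries run together
# on one line as in the thread's pasted report (values copied from that report).
SAMPLE_LOG = (
    "Error - 8/6/2012 12:03:09 PM | Computer Name = FRAN-A706F34BFF | Source = Microsoft Antimalware "
    "| ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. "
    "Feature: %%835 Error Code: 0x8007001f Error description: A device attached to the system is not "
    "functioning. Reason: %%837 "
    "Error - 8/6/2012 12:04:25 PM | Computer Name = FRAN-A706F34BFF | Source = Service Control Manager "
    "| ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 "
    "Error - 8/6/2012 12:30:19 PM | Computer Name = FRAN-A706F34BFF | Source = Service Control Manager "
    "| ID = 7022 Description = The SharedAccess service hung on starting."
)

# One entry: "Error - <date time> | Computer Name = X | Source = Y | ID = N Description = ..."
# The description runs until the next "Error - <digit>" or the end of the text.
ENTRY_RE = re.compile(
    r"Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+) "
    r"Description = (?P<desc>.*?)(?= Error - \d|\Z)",
    re.S,
)

# (source, event id) pairs that matter when AV real-time protection or the firewall
# service will not start; 3002, 2001, 7022 and 7032 all appear in the thread's report.
TRIAGE = {
    ("Microsoft Antimalware", 3002): "real-time protection failed",
    ("Microsoft Antimalware", 2001): "signature update failed",
    ("Service Control Manager", 7022): "service hung on starting",
    ("Service Control Manager", 7032): "service restart failed",
}

def parse_events(text):
    """Split a run-together OTL error dump into dicts with ts, host, source, id, desc."""
    return [dict(ts=m["ts"], host=m["host"], source=m["source"], id=int(m["id"]),
                 desc=m["desc"].strip()) for m in ENTRY_RE.finditer(text)]

def triage(events):
    """Return (event, concern, detail) for entries in TRIAGE; detail is the Win32 error
    code when the description carries one, else the service named in it, else ''."""
    out = []
    for ev in events:
        concern = TRIAGE.get((ev["source"], ev["id"]))
        if concern is None:
            continue
        code = re.search(r"Error Code: (0x[0-9A-Fa-f]{8})", ev["desc"])
        svc = re.search(r"The (.+?) service ", ev["desc"])
        out.append((ev, concern, code.group(1) if code else (svc.group(1) if svc else "")))
    return out
```

Run against the full report, the script surfaces the 0x8007001f real-time-protection failure and the hung SharedAccess (Windows Firewall/ICS) service while ignoring the unrelated TV tuner and application hang noise.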
10-Aug-2012, 03:00 PM
#10
Hi. Sorry for the delay. Please download Farbar Service Scanner and save it to your desktop.
In your next reply, please post the following:
- The log from Farbar Service Scanner
10-Aug-2012, 11:20 PM
#11
Here you go:

Farbar Service Scanner Version: 06-08-2012
Ran by Fran (administrator) on 10-08-2012 at 21:18:55
Running from "C:\Documents and Settings\Fran\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

I will be out of town and away from my PC from Sunday to Wednesday. I'm curious to know how far along in the process we are please? I live in Denver, CO but I'm from Leeds - where are you located? Many thanks!
10-Aug-2012, 11:50 PM
#12
Hi there. I am from the UK. There is not much left, though it is difficult to say for sure. If you want, we can continue from Wednesday. Up to you.
16-Aug-2012, 05:56 PM
#15
Hello there. Right, we need to uninstall a few programs as they are known to cause some issues.

Uninstall Program(s) using Add or Remove Programs

Next Run ESET Online Scan