Barendd
join:2011-10-25

Member

HJT Log Severe System Slow Down

Hi, my computer has recently been experiencing extreme system slowdown, to the point of rendering it sometimes almost unusable. The effect is strongest when I am browsing the web, but is still present even if I have no internet browser open. Unfortunately, as part of my job I have to regularly transfer files on a flash drive between my own laptop and the computer in a media lab classroom, which I know is infected with a multitude of viruses. Despite strong precautions on my part, I am worried that one or more viruses might have gotten through in one of these transfers. I have run a number of anti-virus scans, which have found nothing of note, but the problem still persists. Any help would be greatly appreciated!

Steps I followed before making this post:
Updated and ran a full scan with McAfee VirusScan Enterprise. Nothing found.
Updated and ran a full scan with SUPERAntiSpyware Free Edition. Nothing found.
Ran a full scan using ESET Online Scanner. Nothing found.
Ran a full scan using Kaspersky Virus Removal Tool. Found 5 system vulnerabilities, but no viruses.
Ran a full scan using F-Secure Online Virus Scanner. Nothing found.
Ran a full scan using Spybot S&D. Nothing found.
Ran a full scan using Ad-aware. Nothing found.

HijackThis log: [Removed]

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

Hi, please follow all the steps for our forum carefully:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

We haven't used HijackThis in quite a while; it has been 'retired' here.

Our FAQ will tell you what programs we need and how to attempt to get them to run. Do not run any other tools we do not ask for.

It will also show what logs need to be attached to your post, as well as where to locate them.

Post back when completed, we'll be waiting.

»Security Cleanup FAQ »How to post for assistance
Barendd
join:2011-10-25

Member

Alright, I wasn't sure if you would prefer for me to post this to a new thread or keep it here, but if you would like me to move it to a new thread, just let me know. Following are the generated logs from Malwarebytes Anti-Malware, OTL, Security Check, and ESET Online Scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8111

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/8/2011 10:19:39 PM
mbam-log-2011-11-08 (22-19-38).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 319898
Time elapsed: 11 hour(s), 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 11/15/2011 2:05:30 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Justin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.32 Mb Total Physical Memory | 356.37 Mb Available Physical Memory | 39.89% Memory free
2.09 Gb Paging File | 1.05 Gb Available in Paging File | 50.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.71 Gb Total Space | 16.38 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.32 Gb Free Space | 53.20% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/12 10:45:34 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
PRC - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/04/10 23:28:12 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/03/14 19:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 19:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 19:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 19:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/19 10:33:19 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/07/29 07:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/06/03 18:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2005/08/23 06:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/30 14:14:23 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/06/28 10:33:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/03/14 19:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/16 02:25:22 | 000,248,416 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -- (McRedirector)

========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/11/02 07:49:21 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\39772986.sys -- (39772986)
DRV - [2011/08/19 10:33:15 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/02 22:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/06 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/03 21:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 21:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/02 15:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.pugetsound.edu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.pugetsound.edu%2fowa%2f
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/|https://webmail.pugetsound.edu/exchweb/bin/auth/owalogon.asp?url=https://webmail.pugetsound.edu/Exchange/&reason=0&replaceCurrent=1"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/15 07:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/15 07:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 13:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/19 15:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/04 23:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/09/19 15:08:07 | 000,000,000 | ---D | M]

[2011/03/09 21:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2011/03/09 21:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/04 10:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\2lx9ljnx.default\extensions
[2010/08/29 10:16:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\2lx9ljnx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/04 10:36:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\2lx9ljnx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/09/01 11:05:50 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\2lx9ljnx.default\extensions\foxyproxy@eric.h.jung
[2011/09/29 07:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\rcbxb7cc.Justin\extensions
[2010/12/04 11:12:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\rcbxb7cc.Justin\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 11:39:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\rcbxb7cc.Justin\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/11 13:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 08:39:50 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/29 13:27:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/11/11 13:18:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/07 19:31:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 13:18:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/02/18 02:15:24 | 000,622,039 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com #[server down?]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16422 more lines...
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nusbantivirus] C:\Program Files\Naevius USB Antivirus\usbantivirus.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_39772986.lnk = File not found
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_69508811.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.201.106.7 202.201.106.8 202.201.106.9 202.201.89.131 202.201.0.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06602900-9722-4E05-B06F-7793462CC5C1}: DhcpNameServer = 202.201.106.7 202.201.106.8 202.201.106.9 202.201.89.131 202.201.0.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{973D89AB-DECB-46A9-ACA2-6356708703CF}: DhcpNameServer = 202.201.106.7 202.201.106.8 202.201.106.9 202.201.89.131 202.201.0.132
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/11/06 14:13:10 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/04 12:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/11/04 12:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/04 12:11:04 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Justin\Desktop\HJTInstall.exe
[2011/11/03 13:00:12 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\39772986.sys
[2011/11/01 15:16:41 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\f-secure
[2011/10/29 13:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/29 13:27:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/29 13:27:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/29 13:27:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/15 13:52:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-263065739-974920414-1317667849-1000UA.job
[2011/11/15 13:35:26 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 13:35:26 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 12:48:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/15 07:45:50 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/15 07:45:50 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/14 14:52:24 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-263065739-974920414-1317667849-1000Core.job
[2011/11/13 10:26:10 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/13 10:25:18 | 935,395,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/11/07 04:54:45 | 000,000,204 | ---- | M] () -- C:\Windows\System32\C
[2011/11/06 14:13:10 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/04 12:14:29 | 000,001,876 | ---- | M] () -- C:\Users\Justin\Desktop\HijackThis.lnk
[2011/11/04 12:11:39 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Justin\Desktop\HJTInstall.exe
[2011/11/03 13:05:50 | 000,000,806 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_39772986.lnk
[2011/11/02 07:49:21 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\39772986.sys
[2011/10/30 10:26:02 | 000,000,806 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_69508811.lnk
[1 C:\Users\Justin\Documents\*.tmp files -> C:\Users\Justin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/11 07:35:05 | 935,395,328 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/04 12:14:29 | 000,001,876 | ---- | C] () -- C:\Users\Justin\Desktop\HijackThis.lnk
[2011/11/03 13:05:50 | 000,000,806 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_39772986.lnk
[2011/10/30 10:26:02 | 000,000,806 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_69508811.lnk
[2011/06/19 01:12:22 | 000,468,264 | ---- | C] () -- C:\Users\Justin\AppData\Local\census.cache
[2011/06/19 01:11:25 | 000,178,482 | ---- | C] () -- C:\Users\Justin\AppData\Local\ars.cache
[2011/06/16 13:32:34 | 000,000,036 | ---- | C] () -- C:\Users\Justin\AppData\Local\housecall.guid.cache
[2011/05/18 10:15:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pngfilt.dll
[2011/05/13 14:35:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/13 14:35:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/02/20 12:01:22 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011/02/20 12:01:22 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011/02/20 12:01:21 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011/02/20 00:34:40 | 000,037,403 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/02/18 17:26:34 | 000,055,474 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/10/22 12:32:56 | 000,000,680 | ---- | C] () -- C:\Users\Justin\AppData\Local\d3d9caps.dat
[2010/10/05 19:11:40 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI
[2010/08/16 20:30:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/16 20:29:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WMVSDECD.DLL
[2010/08/16 20:29:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/30 11:18:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/06/28 15:07:09 | 000,028,672 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 14:13:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/18 19:07:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\NlsLexicons0013.dll
[2010/06/18 19:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\NlsData000c.dll
[2010/06/14 10:43:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/06/03 18:02:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/04/29 12:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/06 15:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/12/10 08:00:00 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,397,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011/08/27 17:27:23 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\.anki
[2011/08/27 10:32:07 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\.matplotlib
[2011/02/17 23:02:11 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DAEMON Tools Lite
[2011/11/01 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\f-secure
[2010/10/08 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\mplayer
[2010/08/20 10:07:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\OpenOffice.org
[2011/03/09 21:47:31 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Thunderbird
[2011/05/24 12:08:38 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Trusteer
[2011/11/13 08:15:35 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/10/23 11:11:20 | 000,000,216 | ---- | M] ()(C:\Windows\System32\?;Ä;) -- C:\Windows\System32\;Ä;
[2011/10/23 11:11:06 | 000,000,216 | ---- | C] ()(C:\Windows\System32\?;Ä;) -- C:\Windows\System32\;Ä;
[2011/09/29 10:42:12 | 000,030,720 | ---- | M] ()(C:\Users\Justin\Documents\?????????(??).doc2010.9.doc) -- C:\Users\Justin\Documents\.doc2010.9.doc
[2011/09/29 10:25:26 | 000,030,720 | ---- | C] ()(C:\Users\Justin\Documents\?????????(??).doc2010.9.doc) -- C:\Users\Justin\Documents\.doc2010.9.doc
[2011/06/24 00:09:49 | 000,000,208 | ---- | M] ()(C:\Windows\System32\?ü??) -- C:\Windows\System32\ü—
[2011/06/24 00:08:56 | 000,000,208 | ---- | C] ()(C:\Windows\System32\?ü??) -- C:\Windows\System32\ü—
[2011/01/03 16:35:16 | 000,022,528 | ---- | M] ()(C:\Users\Justin\Documents\???.doc) -- C:\Users\Justin\Documents\.doc
[2011/01/03 16:35:14 | 000,022,528 | ---- | C] ()(C:\Users\Justin\Documents\???.doc) -- C:\Users\Justin\Documents\.doc
[2010/08/31 17:20:49 | 000,000,030 | ---- | M] ()(C:\Windows\System32\?ñ?ñ) -- C:\Windows\System32\ññ
[2010/08/31 17:20:49 | 000,000,030 | ---- | C] ()(C:\Windows\System32\?ñ?ñ) -- C:\Windows\System32\ññ

OTL Extras logfile created on: 10/12/2011 10:54:16 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Justin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.32 Mb Total Physical Memory | 436.34 Mb Available Physical Memory | 48.84% Memory free
2.00 Gb Paging File | 1.33 Gb Available in Paging File | 66.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.71 Gb Total Space | 17.81 Gb Free Space | 17.51% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.32 Gb Free Space | 53.20% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05193EA5-3653-4053-95BF-2A68CF2447D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{0AA3E994-D918-4EDD-97A8-745B6ED259C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{338BBF26-0AB9-47D0-A910-5FC97CB1C4CB}" = rport=138 | protocol=17 | dir=out | app=system |
"{3A872738-79A5-4BE7-83F5-4BF668EE6E9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{455C4031-A8A5-4ACC-9E4C-33D9072CE96B}" = lport=138 | protocol=17 | dir=in | app=system |
"{5CEDC9AC-A314-40D3-A992-A9716A40D682}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6054D3D5-2E95-4C5F-8612-972DFC3624FE}" = lport=139 | protocol=6 | dir=in | app=system |
"{9BC59D1A-518F-4749-82E7-3F655A250499}" = lport=137 | protocol=17 | dir=in | app=system |
"{D877F81F-82D1-45F9-9750-E369A41B5B67}" = lport=445 | protocol=6 | dir=in | app=system |
"{EFFD4615-D87B-452F-B1BE-70C75518E86F}" = rport=139 | protocol=6 | dir=out | app=system |
"{FF5F909B-DD6C-436F-A16B-1E492948F3F9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33EAFF10-585A-41FD-8A52-A44F869E95D5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{378CE52D-4234-4119-9954-3E3BB1CD3D51}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3AAE7CF5-3A40-408D-83DD-B141A12EBA1B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3ECA9BE2-B82B-40C2-8C71-CD450FDFA2FA}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{410D5A8B-956E-443A-AF81-38A81A06491F}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{49314C6A-EA02-414D-8CC0-BA281ED0BC70}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{4E5AFE4F-EC9B-47B0-862A-B9D7061C49D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6DDADB72-4286-49D1-B49E-C9EBAE1EADD7}" = protocol=6 | dir=in | app=c:\users\justin\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{738A5CD7-548F-480B-BBEE-8C8040E0FD72}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7A817419-6D02-49E5-8E56-90ADD999D31A}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{7B76EB7C-EBDC-490E-80DB-FA6DF716D831}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{7CA60ED2-4719-4B58-9DBB-929BF4D82992}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{85DC8EF8-48C1-432A-9276-61129E305F58}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{86FA76F7-9FF0-4886-B540-9B1BCB736AC6}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{8D93471A-93FC-405A-B71D-EB11AE2A2BB0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{9354CE64-7D08-4F66-B2E1-A7123518518C}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{95EAB2C3-48A9-4061-B6B6-D0A3C470112F}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{9C9F7BB2-3C93-4FE9-8ED4-82AD4767F566}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{A091ED34-1C10-4996-9B6C-E8511011ED8D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{A2957EF2-3413-4551-B6B0-11033A01AD78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7959C31-F8D8-4DB1-A392-099BD2AFC836}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7EDC0E4-F726-4C63-945B-4147F04085C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B284C70D-E30A-435A-9AE4-9FFB3AC5A344}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{B35E2C1A-F02F-4977-8708-A1F2D84FD669}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B36EAC77-6BD7-4930-9ED9-18E367029DA8}" = protocol=17 | dir=in | app=c:\users\justin\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B59CB5C8-CA67-400F-821E-70D26847FF8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C3633331-307C-45F6-8540-6B3A3A0BC455}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C378691E-2E57-4339-A443-40D838F874B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E53E8A80-6130-473F-B3FA-785BA3E6B52D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB18AAF5-4C58-4CEF-9063-A478AD271185}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7279600-B75D-45DD-9109-74F5FDCCAA23}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{DEA72CEF-3BC3-4370-9A63-4978B8201CE0}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{2C2D8C19-BD7B-486C-A8A2-E3D19A665D2C}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Anki" = Anki
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"ÖÐÊÀ½ç2£­È«ÃæÕ½Õù_is1" = ÖÐÊÀ½ç2£­È«ÃæÕ½Õù
"Rapport_msi" = Rapport
"Warcraft III" = Warcraft III
"WebWasher" = WebWasher
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/8/2011 10:53:35 AM | Computer Name = Justin-PC | Source = McLogEvent | ID = 259
Description = The scan found detections. Scan engine version 5400.1158 DAT version
6492.

Error - 10/9/2011 5:12:16 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application vstskmgr.exe, version 8.7.0.810, time stamp 0x4b3d15d1,
faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e, exception
code 0xc0000005, fault offset 0x000136c9, process id 0x7b8, application start time
0x01cc864c148c5ece.

Error - 10/9/2011 5:38:11 AM | Computer Name = Justin-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3324 (0xcfc) Thread address : 0x772F5CA4 Thread message : Build VSCORE.14.1.0.524
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\SoftwareDistribution\DataStore\DataStore.edb

by C:\Windows\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/9/2011 5:38:11 AM | Computer Name = Justin-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3304 (0xce8) Thread address : 0x772F5CA4 Thread message : Build VSCORE.14.1.0.524
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\ProgramData\Trusteer\Rapport\store\user\conf\352923\fsmmgmt2_var_0.tssvm.data

by C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/10/2011 2:05:36 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application AAWService.exe, version 9.0.0.0, time stamp 0x4e5ccf66,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception
code 0xc0000005, fault offset 0x00066579, process id 0x6a0, application start time
0x01cc864c10bd472c.

Error - 10/10/2011 2:06:55 AM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program Ad-Aware.exe version 9.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10d4 Start Time: 01cc870062fe825d Termination Time: 534

Error - 10/10/2011 10:40:52 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 7.0.1.4288, time stamp 0x4e83b93a,
faulting module RapportUtil.dll, version 3.5.1105.59, time stamp 0x4e7f4c2a, exception
code 0xc0000005, fault offset 0x00159309, process id 0x8d4, application start time
0x01cc8653d2ff2551.

Error - 10/11/2011 5:26:39 AM | Computer Name = Justin-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2736 (0xab0) Thread address : 0x77645CA4 Thread message : Build VSCORE.14.1.0.524
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\ProgramData\McAfee\Common
Framework\Current\BOCVSE__1000\BocDet_VSE.McS by C:\Program Files\McAfee\Common
Framework\McScript_InUse.exe 4(1079)(0) 4(1079)(0) 7200(1079)(0) 7595(1079)(0)
7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/11/2011 5:27:03 AM | Computer Name = Justin-PC | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 10/11/2011 9:59:07 AM | Computer Name = Justin-PC | Source = Application Hang | ID = 1002
Description = The program mbam-setup-1.51.2.1300.tmp version 51.52.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 88c Start Time: 01cc87d1bd27d956 Termination Time: 331

[ System Events ]
Error - 10/11/2011 12:08:40 AM | Computer Name = Justin-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 10/11/2011 2:35:22 AM | Computer Name = Justin-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 219.246.173.121. The computer with the IP address 219.246.173.69
did not allow the name to be claimed by this computer.

Error - 10/11/2011 2:35:27 AM | Computer Name = Justin-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 219.246.173.121. The computer with the IP address 219.246.173.69
did not allow the name to be claimed by this computer.

Error - 10/11/2011 2:40:39 AM | Computer Name = Justin-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 219.246.173.121. The computer with the IP address 219.246.173.69
did not allow the name to be claimed by this computer.

Error - 10/11/2011 2:41:27 AM | Computer Name = Justin-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 219.246.173.121. The computer with the IP address 219.246.173.69
did not allow the name to be claimed by this computer.

Error - 10/11/2011 2:46:39 AM | Computer Name = Justin-PC | Source = BROWSER | ID = 8009
Description =

Error - 10/11/2011 2:46:39 AM | Computer Name = Justin-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 219.246.173.121. The computer with the IP address 219.246.173.69
did not allow the name to be claimed by this computer.

Error - 10/11/2011 5:27:35 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/11/2011 3:39:30 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/11/2011 8:22:04 PM | Computer Name = Justin-PC | Source = DCOM | ID = 10010
Description =

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Windows Firewall Enabled!
ESET Online Scanner v3
McAfee VirusScan Enterprise
McAfee AntiSpyware Enterprise Module
McAfee Agent
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Ad-Aware
MVPS Hosts File
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 29
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (3.1.15) [color=red]Thunderbird Out of Date![/color]
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

[color=red]Ad-Aware AAWService.exe is disabled![/color]
[color=red]Ad-Aware AAWTray.exe is disabled![/color]
[color=red]Spybot Teatimer.exe is disabled![/color]
McAfee VirusScan Enterprise engineserver.exe
McAfee VirusScan Enterprise vstskmgr.exe
McAfee VirusScan Enterprise mcshield.exe
McAfee VirusScan Enterprise mfeann.exe
McAfee VirusScan Enterprise shstat.exe
``````````End of Log````````````

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=72160387260fb14f8d8b160a00e42252
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 10:57:05
# local_time=2011-10-13 06:57:05 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 0 155947965 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=170149
# found=0
# cleaned=0
# scan_time=41415
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=72160387260fb14f8d8b160a00e42252
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-29 10:02:53
# local_time=2011-10-29 06:02:53 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 0 157395531 0 0
# compatibility_mode=8192 67108863 100 0 640972 640972 0 0
# scanned=50937
# found=0
# cleaned=0
# scan_time=16167
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.DLL:pipe not connected. attempts=120
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=72160387260fb14f8d8b160a00e42252
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-29 09:42:26
# local_time=2011-10-30 05:42:26 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 0 157431517 0 0
# compatibility_mode=8192 67108863 100 0 676958 676958 0 0
# scanned=169938
# found=0
# cleaned=0
# scan_time=22171
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.DLL:pipe not connected. attempts=120
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=72160387260fb14f8d8b160a00e42252
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 06:39:50
# local_time=2011-11-16 02:39:50 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 132806 132806 0 0
# compatibility_mode=5892 16776574 100 100 646923 158877202 0 0
# compatibility_mode=8192 67108863 100 0 2122643 2122643 0 0
# scanned=170527
# found=0
# cleaned=0
# scan_time=34337

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to Barendd

MVM

to Barendd
There's no malware in the logs. I suspect your problem is one of an older processor, low memory, low free HDD space and modern programs.

What processor is in your computer?

You have less than 1 GB of RAM; for today's applications 2 GB is a reasonable amount for 32-bit systems.

I generally recommend free space of 25% of the hard drive for drives less than 250 GB with a 10$ bottom limit. Also, you may have an older, slower hard drive that is 4300 or 5200 rpm.

Now to software. How long have you had Trusteer Rapport installed? I suspect that is taxing your computer.

I'll go back over the logs in the morning and post again after you respond.
Barendd
join:2011-10-25

Barendd

Member

Well, it's a relief at least that I don't have any malware infecting my computer.

In answer to your questions, my processor is an AMD Turion 64 X2 Mobile Technology TL-50 1.60 GHz. I am not really sure what my hard disk RPM is.

I have 16.1 GB of free hard drive space out of a total of 101 GB, which I guess is below your 25% recommendation. Checking Disk Cleanup, I can see that by deleting my Previous Windows installation I can free up 2 GB right away. Given that I don't think I will need any data from the previous Windows installation, is it safe to delete it?

I know that 1 GB of RAM is pretty deficient in this day and age, but I am working in Western China right now and I am not sure how easy it would be to purchase additional RAM for the computer. Would there be other ways that I could fight this system slowdown without purchasing more RAM?

Finally, I have not had Trusteer Rapport installed very long and to be honest am not sure that I really need it. Do you recommend I uninstall it?

Thank you very much for your help!

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to Barendd

MVM

to Barendd
Unless you think there will be a need to revert to the previous OS, deleting it is no problem.

You can uninstall Rapport via Add/Remove programs and see if that makes a difference in your computer performance. Once you know, then you can leave it removed, or re-install it. I have no recommendation one way or the other.

There is no reason to keep the programs you installed for us. Cleanup instructions are in my next post.
LoPhatPhuud

1 recommendation

LoPhatPhuud to Barendd

MVM

to Barendd
Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
Barendd
join:2011-10-25

Barendd

Member

Alright, thank you for your help.