
PC acting odd


  • This topic is locked
26 replies to this topic

#1 venicecoot

    Member

  • Full Member
  • 62 posts

Posted 06 November 2010 - 07:54 AM

The past few days my PC has been acting differently. Sometimes when clicking on a link to open a new tab, two tabs open (same page on both tabs). Also, when I try to highlight to cut & paste or edit, it sometimes doesn't work properly. I'm running Windows 7 64-bit and generally use Firefox with NoScript. My Malwarebytes program doesn't indicate a problem, nor does Avast! Attached is a HijackThis log; however, when I ran HijackThis I also got the message "Denied write access to the Hosts file." Thanks for any help given!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:09 AM, on 11/6/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9361 bytes

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,533 posts

Posted 08 November 2010 - 08:07 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 snemelk

    inżynier

  • Expert
  • 3,099 posts

Posted 16 November 2010 - 10:12 AM

Hi venicecoot!!.. :)

I'll need a much more detailed logfile:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#4 venicecoot

    Member

  • Full Member
  • 62 posts

Posted 16 November 2010 - 11:45 AM

Hi snemelk and thanks for volunteering to assist me! As per your instructions I ran the OTL tool. My OTL.txt log is posted here. The EXTRAS.txt log I'll post next.

OTL logfile created on: 11/16/2010 12:35:31 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\jim\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.77 Gb Total Space | 421.53 Gb Free Space | 92.49% Space Free | Partition Type: NTFS
Drive D: | 9.89 Gb Total Space | 1.47 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 288.00 Gb Free Space | 96.62% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 12:34:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Desktop\OTL.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/11 08:37:26 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/06/11 08:37:24 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/06/11 08:37:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/05/20 23:01:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:01:26 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/18 10:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/18 10:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/24 21:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/06/03 14:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/10/27 16:31:24 | 000,328,992 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Quicken\qw.exe
PRC - [2008/09/30 13:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [1997/08/18 23:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
PRC - [1997/08/18 23:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/16 12:34:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/11 08:37:26 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/06/11 08:37:24 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/18 10:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/07 09:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 13:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 13:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.50

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 14:46:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 14:46:34 | 000,000,000 | ---D | M]

[2010/07/15 11:30:54 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Mozilla\Extensions
[2010/11/16 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\fp8kcd8i.default\extensions
[2010/11/12 12:13:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\fp8kcd8i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/07 14:42:20 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\fp8kcd8i.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/11/06 08:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\fp8kcd8i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/10/14 15:51:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/22 09:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/25 06:40:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/14 15:51:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/04 11:14:16 | 000,424,779 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14636 more lines...
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
O4 - Startup: C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/09 16:03:08 | 000,000,062 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 12:34:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\jim\Desktop\OTL.exe
[2010/11/14 12:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/11/12 12:16:00 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Local\PackageAware
[2010/11/09 16:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/11/09 16:41:35 | 000,000,000 | ---D | C] -- C:\d42ea8c572ca9231617fa31daa
[2010/11/09 16:38:46 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Local\ElevatedDiagnostics
[2010/11/06 14:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/11/06 13:01:30 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\Nikon
[2010/11/06 13:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
[2010/11/06 13:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2010/11/06 13:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2010/11/06 12:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
[2010/11/06 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2010/11/06 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\People
[2010/11/06 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2010/11/06 08:21:57 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\QuickScan
[2010/11/05 15:29:40 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/05 15:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/05 15:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/05 12:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/27 06:26:27 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/27 06:26:27 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/27 06:26:27 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/27 06:26:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/27 06:26:26 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/27 06:26:26 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/27 06:26:26 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/27 06:26:15 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/24 18:37:59 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/24 18:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/24 18:35:25 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/10/24 18:35:25 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/10/24 18:35:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/10/24 18:35:25 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/23 08:33:29 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Local\Windows Live
[2010/10/23 08:32:57 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/10/23 08:32:57 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/10/23 08:32:57 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/23 08:32:57 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/10/23 08:32:57 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/23 08:32:56 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/10/23 08:32:55 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/10/17 19:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/17 19:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

========== Files - Modified Within 30 Days ==========

[2010/11/16 12:34:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Desktop\OTL.exe
[2010/11/16 12:29:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/16 12:29:37 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/16 12:29:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/16 07:12:03 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/16 07:12:03 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 12:08:42 | 000,002,965 | ---- | M] () -- C:\Users\jim\Desktop\HiJackThis.lnk
[2010/11/14 08:33:42 | 000,018,432 | ---- | M] () -- C:\Users\jim\Desktop\1st resume.doc
[2010/11/13 20:42:16 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjim.job
[2010/11/13 08:26:48 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/13 08:26:48 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/13 08:26:48 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/13 08:21:50 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 09:34:46 | 000,000,220 | ---- | M] () -- C:\Users\jim\AppData\Roaming\wklnhst.dat
[2010/11/06 15:59:51 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/06 14:56:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/11/06 13:27:54 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/11/06 12:59:15 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Sampler
[2010/11/06 12:59:15 | 000,000,268 | RH-- | M] () -- C:\Users\jim\AppData\Roaming\Rock
[2010/11/06 12:59:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ATL71.DLL
[2010/11/06 12:48:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/05 15:29:36 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/04 11:14:16 | 000,424,779 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/11/04 11:14:02 | 000,424,779 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101104-121416.backup
[2010/10/31 18:42:06 | 000,483,904 | ---- | M] () -- C:\Users\jim\Documents\JSTP_OCCFF_Healthcare_Litigation.pdf
[2010/10/31 09:59:23 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/10/23 08:30:32 | 000,423,309 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101104-121402.backup
[2010/10/17 19:25:10 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/11/14 12:08:42 | 000,002,965 | ---- | C] () -- C:\Users\jim\Desktop\HiJackThis.lnk
[2010/11/14 08:33:40 | 000,018,432 | ---- | C] () -- C:\Users\jim\Desktop\1st resume.doc
[2010/11/06 12:59:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sampler
[2010/11/06 12:59:15 | 000,000,268 | RH-- | C] () -- C:\Users\jim\AppData\Roaming\Rock
[2010/11/06 12:59:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/11/06 12:48:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/05 15:29:36 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/31 18:42:02 | 000,483,904 | ---- | C] () -- C:\Users\jim\Documents\JSTP_OCCFF_Healthcare_Litigation.pdf
[2010/10/29 18:39:08 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/17 19:07:13 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/15 14:37:15 | 000,000,220 | ---- | C] () -- C:\Users\jim\AppData\Roaming\wklnhst.dat
[2010/07/15 14:17:19 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1997/08/18 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1997/08/18 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
[1997/08/13 23:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1997/08/13 23:00:00 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\XLREC.DLL
[1997/08/13 23:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\RECNCL.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/08/13 18:31:11 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/11/13 08:21:50 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/07/15 10:54:24 | 000,000,549 | ---- | M] () -- C:\NTDClient.log
[2010/11/13 08:21:54 | 1877,467,136 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#5 venicecoot

Posted 16 November 2010 - 11:47 AM

OK ... here's the EXTRAS log. Thanks again.

OTL Extras logfile created on: 11/16/2010 12:35:31 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\jim\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.77 Gb Total Space | 421.53 Gb Free Space | 92.49% Space Free | Partition Type: NTFS
Drive D: | 9.89 Gb Total Space | 1.47 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 288.00 Gb Free Space | 96.62% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A21FC72-611F-4ADC-B6A6-795E06D72324}" = Verizon Download Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA4FFFE4-0517-46AC-A19B-A8013985F766}" = Microsoft Live Search Toolbar
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Excel" = Microsoft Excel 97
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Samsung ML-1710 Series" = Samsung ML-1710 Series
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"Word8.0" = Microsoft Word 97

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2010 6:55:12 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/10/2010 7:22:48 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 10/10/2010 7:22:59 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/11/2010 8:54:29 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 10/11/2010 8:54:40 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/12/2010 10:17:31 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 10/12/2010 10:17:42 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/13/2010 9:55:55 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 10/13/2010 9:56:05 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/14/2010 8:16:41 AM | Computer Name = jim-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 11/7/2010 3:16:33 PM | Computer Name = jim-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/7/2010 3:30:16 PM | Computer Name = jim-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/8/2010 7:27:12 AM | Computer Name = jim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 11/8/2010 2:45:17 PM | Computer Name = jim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 11/8/2010 7:17:52 PM | Computer Name = jim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 11/8/2010 10:00:19 PM | Computer Name = jim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 11/9/2010 7:50:09 AM | Computer Name = jim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 11/9/2010 5:50:42 PM | Computer Name = jim-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 11/10/2010 5:28:40 AM | Computer Name = jim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 11/10/2010 7:36:30 AM | Computer Name = jim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >

#6 snemelk

Posted 16 November 2010 - 04:42 PM

Hi again venicecoot!!.. :)

Hi snemelk and thanks for volunteering to assist me!

No problem!!.. Let's see if we can find the culprit...

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    C:\ProgramData\Sampler\* /s
    C:\Users\jim\AppData\Roaming\Rock\* /s

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click None at the upper bar...
  • Click the Run Scan button.
  • A log in Notepad will appear - OTL.txt. Paste it in your next reply.
  • Close OTL.exe

Thirdly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


snemelk.hekko.pl - - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#7 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 17 November 2010 - 06:25 AM

Thanks snemelk. Here's the first log you requested.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jim
->Temp folder emptied: 418 bytes
->Temporary Internet Files folder emptied: 49152 bytes
->Java cache emptied: 1129553 bytes
->FireFox cache emptied: 48261587 bytes
->Flash cache emptied: 3477 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: jim
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11172010_071753

#8 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 17 November 2010 - 07:17 AM

Hello again snemelk.

OK ... below is the 2nd OTL log that you requested. I also ran the ESET scan and no malicious items were detected. The ESET did not seem to create a log however.

EDIT: OK, I guess this is the ESET log?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

OTL logfile created on: 11/17/2010 7:27:25 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\jim\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.77 Gb Total Space | 421.47 Gb Free Space | 92.47% Space Free | Partition Type: NTFS
Drive D: | 9.89 Gb Total Space | 1.47 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 288.00 Gb Free Space | 96.62% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< C:\ProgramData\Sampler\* /s >

< C:\Users\jim\AppData\Roaming\Rock\* /s >

< End of report >


Again, thanks for your assistance!

Edited by venicecoot, 17 November 2010 - 07:28 AM.


#9 snemelk

snemelk

    inżynier

  • Expert
  • PipPipPipPipPip
  • 3,099 posts

Posted 17 November 2010 - 12:48 PM

Hi again venicecoot!!.. :)

Looks like your computer is malware-free... However, please check this file for me (file with no extension):

Note: you'll need to show hidden files to see the file...

Please go to http://www.virustotal.com/ , click on Browse, and upload the following file for analysis:

C:\ProgramData\Sampler

Then click Send File. Allow the file to be uploaded and scanned. Then, please post a link to the results page for me to see.

Please give me more information - please describe the problem in detail - when and how it happens...


If this problem persists only when using Firefox, please try the following:
- close all Firefox windows!
- go to Start --> All Programs --> open the Mozilla Firefox folder --> run Mozilla Firefox (Safe Mode), click the button: Continue in Safe Mode - now your browser will run in its default configuration, with any Add-ons disabled...
- does a problem persist in that browser's Safe Mode??..

#10 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 17 November 2010 - 03:47 PM

Hello again snemelk,

Thank you again for your assistance and patience!

Here's the link to the virustotal scan results.
http://www.virustota...d4bf-1290029384

From what I see, it looks like nothing was found.

As far as I know, the problem only exists when I use Firefox ... but then again, the ONLY time I use Internet Explorer is if it is required (for instance the ESET Online Scanner you asked me to run).

The problem I encounter is that sometimes if I click on a link or a bookmark so as to open in a new tab, sometimes, but not always, two new tabs will open (both new tabs being to the same page).

The other symptom is if I am trying to highlight something, to cut & paste for example, sometimes (but not always), the process acts erratic (sometimes the highlighting works, sometimes it disappears). This erratic behavior only occurs if I am highlighting something on a webpage (like a hyperlink). It does not occur when I am using MS Word or Excel etc.

With the OTL tool, did we fix register errors?

Again, the problems I have do not happen all of the time and it is not a big nuisance. Anyway, I'm glad to know that the machine seems clean of malware.

Should I go back now and reset to defaults the hidden files? Anything else I should do?

Thanks!

Edited by venicecoot, 17 November 2010 - 03:48 PM.


#11 snemelk

snemelk

    inżynier

  • Expert
  • PipPipPipPipPip
  • 3,099 posts

Posted 17 November 2010 - 04:20 PM

Hi again venicecoot!!.. :)

What you describe is a very strange behaviour... Normally, I would blame a faulty mouse, but if it works ok in Word or Excel, the problem may lie in a different place...

With the OTL tool, did we fix register errors?

No, not exactly - we merely removed some orphaned entries and cleaned temporary files...

Should I go back now and reset to defaults the hidden files?

Yep... :)

Anything else I should do?

Did you try this (or you're in the middle of testing): (?)

If this problem persists only when using Firefox, please try the following:
- close all Firefox windows!
- go to Start --> All Programs --> open the Mozilla Firefox folder --> run Mozilla Firefox (Safe Mode), click the button: Continue in Safe Mode - now your browser will run in its default configuration, with any Add-ons disabled...
- does a problem persist in that browser's Safe Mode??..



#12 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 17 November 2010 - 07:21 PM

Hi snemelk,

Thanks for your efforts and persistence. I must say that for your location you do keep late night hours! Dziekuje! Is that correct?

Anyway ..

Yes, I have run Firefox in Safe Mode and have not had problems. Trouble is, the errors I get are not consistent. Often in Firefox normal mode (by normal, I mean normal for me, with the add ons) I don't have problems .. it is only sometimes. Intermittent problems are difficult to trace or understand, I know. I am relieved that no malware seems apparent so maybe it is hardware. I can change out my mouse easily which I will do tomorrow. If after doing that change problems continue I'll re-open this and ask for your help again.

I have now reset defaults on the hidden files. I have always avoided using a Registry Cleaner/Fix tool; do you recommend a tool for this?

Unless there is something else I should be checking I thank you again. You are terrific and I thank you again for your time in volunteer service to help keep the Internet a safe place!

Edited by venicecoot, 18 November 2010 - 12:07 PM.


#13 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 18 November 2010 - 12:06 PM

Hi snemelk,

I had been using Firefox in safe mode for over a day and had no issues at all. I then switched back to Firefox with the add-ons and once again, within a few minutes I had tabs acting odd again. Is it possible that No Scripts could be causing this? Or something else?

By the way, changing the mouse did not solve the problem.

Thanks!

Edited by venicecoot, 18 November 2010 - 12:13 PM.


#14 snemelk

snemelk

    inżynier

  • Expert
  • PipPipPipPipPip
  • 3,099 posts

Posted 19 November 2010 - 11:03 AM

Hi again venicecoot!!.. :)

Thanks for your efforts and persistence.
(...)
You are terrific and I thank you again for your time in volunteer service to help keep the Internet a safe place!

You're welcome!!.. :thumbup:
And thank you for the very kind words!!..

I must say that for your location you do keep late night hours! Dziekuje! Is that correct?

The message was posted at 11:20 PM, so not so bad, went to sleep shortly after that... ;)
Yep, "dziękuję" is the correct way of saying "thank you"...

I have always avoided using a Registry Cleaner/Fix tool; do you recommend a tool for this?

Actually, no... Like most security experts/Helpers, I do not recommend using any "registry cleaners"... In some situations they can cause more harm than good, and if you want to speed up your computer, there are many different ways to do so (properly uninstall old programs, clean temporary files, disable some programs from running on startup)...

I had been using Firefox in safe mode for over a day and had no issues at all. I then switched back to Firefox with the add-ons and once again, within a few minutes I had tabs acting odd again. Is it possible that No Scripts could be causing this? Or something else?

Hmmm, so we have narrowed the problem down to some Firefox Add-on, good... Please run Firefox (in Normal Mode), choose: Tools --> Add-ons, and post here the names of all the Add-ons listed there...

#15 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 19 November 2010 - 01:44 PM

Hi again snemelk,

OK here are the Add-ons:

BitDefender Quick Scan 0.9.50 (I don't recall ever downloading this one and it is presently in disabled mode)
YouTube Video Downloader 3.6
Java Console 6.0.21
Java Console 6.0.20
Java Console 6.0.22 (I'm guessing here that I don't need/shouldn't have the .20 and .21 since I have the .22, but I'll wait for your advice)
No Script 2.0.5.1

One more odd thing that I am now experiencing is on my gmail email program. Sometimes when I want to place a check mark next to a particular message to either delete it or to save it as unread, sometimes the check works and sometimes the check "disappears." This is not an issue for me and it well may be simply gmail related. However, I think the more info you have the better!

Thanks again!

Edited by venicecoot, 19 November 2010 - 01:50 PM.


#16 snemelk

snemelk

    inżynier

  • Expert
  • PipPipPipPipPip
  • 3,099 posts

Posted 20 November 2010 - 09:25 AM

Hi again venicecoot!!.. :)

One more odd thing that I am now experiencing is on my gmail email program. Sometimes when I want to place a check mark next to a particular message to either delete it or to save it as unread, sometimes the check works and sometimes the check "disappears."

We'll see if it vanishes with other problems you're experiencing...

Java Console 6.0.22 (I'm guessing here that I don't need/shouldn't have the .20 and .21 since I have the .22, but I'll wait for your advice)

These old Java Add-ons are just leftovers - an uninstaller usually misses them... You can get rid of u20 and u22 versions by following these steps:
- close Firefox
- right-click the Firefox icon and choose: "Run as administrator"
- choose Uninstall for these old versions, and reboot Firefox... They'll be gone...

Personally, I would start with disabling the YouTube Video Downloader 3.6 Add-on temporarily - Tools --> Add-ons --> click Disable by that Add-on...
Then check if problem persists... If yes, re-enable that "YouTube..." Add-on and disable No Script temporarily... Does a problem persist??..

#17 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 20 November 2010 - 02:53 PM

Thanks snemelk,

These old Java Add-ons are just leftovers - an uninstaller usually misses them... You can get rid of u20 and u22 versions by following these steps:


I'm assuming that you meant to uninstall the Java versions 20 and 21 and leave the version 22 which is what I have now done.

I've also now disabled the You Tube Downloader.

Now only time will tell if this is the fix. As I said, I know it is difficult to diagnose and test since the errors are not consistently repeatable.

Your help is again much appreciated!

#18 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 22 November 2010 - 11:50 AM

Hello again snemelk,

Good news! Since I disabled the You Tube add-on my PC has been stable. Even my gmail program appears to be more stable. I believe that the problem has been solved. Great computer analysis work on your part and I thank you very much!

Unless there is something else that you recommend that I do, I think that we can consider this issue to be fully resolved.

I very much appreciate the help you have given me and I thank you for your volunteer work on this forum.

Edited by venicecoot, 22 November 2010 - 11:51 AM.


#19 snemelk

snemelk

    inżynier

  • Expert
  • PipPipPipPipPip
  • 3,099 posts

Posted 22 November 2010 - 04:21 PM

Hi again venicecoot!!.. :)

Good news! Since I disabled the You Tube add-on my PC has been stable. Even my gmail program appears to be more stable. I believe that the problem has been solved.

That's really good news, indeed!!.. :thumbup: I'm glad to see it!!..

I very much appreciate the help you have given me and I thank you for your volunteer work on this forum.

Thank you!!.. :)

You can either keep that Add-on disabled or uninstall it from Firefox... As you wish...


We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities...
Run Adobe Reader --> Help --> Check for updates - let it update to the newest version - 9.4.1

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Then,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

You can also check my site - snemelk.hekko.pl:
A few steps to make your web browsing safer :thumbup:

Also, I recommend you read Tony Klein's excellent article: How I got Infected in the First Place?

:wave:

#20 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 24 November 2010 - 07:39 AM

Hello again snemelk,

Grrrr ... Bad news here as last night and again this morning the PC is acting up once again. It is very odd that the condition doesn't appear to be repeatable. I was sure that all was well, and it was for a period of time.

At this point I do have the YouTube downloader on disable, I have uninstalled Flash player and then downloaded and installed Flash. The Adobe Reader I have installed is 9.4.1 so if my previous logs indicated otherwise it must have (or I must have) already updated.

When the PC was acting odd again I did disable No Script but no change for the better occurred. The only other Add on is the Java console. I have not tested with the Java console in disable mode.

I did go to your site last week and read your tips and also read about Silesia from your other link. Interesting!

Any other ideas at this point?

Thanks!!!

EDIT:

I was just in gmail again as the PC was acting odd. I went ahead and did disable the Java console, restarted Firefox and went back to gmail. I no longer had the problem. Of course I don't know if disabling Java fixed it or if restarting Firefox did. Is there any point to uninstalling the Java console and then installing it again? Thanks again.

Edited by venicecoot, 24 November 2010 - 07:51 AM.


#21 snemelk

snemelk

    inżynier

  • Expert
  • PipPipPipPipPip
  • 3,099 posts

Posted 24 November 2010 - 09:44 AM

Hi again venicecoot!!.. :)

Grrrr ... Bad news here as last night and again this morning the PC is acting up once again. It is very odd that the condition doesn't appear to be repeatable.

Yep, the issue is very odd...

Is there any point to uninstalling the Java console and then installing it again?

Hmmm, is that Java Console Add-on still disabled??.. If yes, keep it disabled for a while and check if the problem re-appears...

Any other ideas at this point?

Well, if the problem re-appears, I'd recommend putting the browser back to its default settings... If the problem is limited to Firefox only, that would be worth trying...

If you decide, please do the following:

- do a backup of your current settings, either by using these instructions: Backing up your information or this program: MozBackup
- then: Start --> All Programs --> open the Mozilla Firefox folder --> run Mozilla Firefox (Safe Mode)
- in the window that appears (image), select all of the options and click: Make Changes and Restart - "this restarts Firefox in normal mode and applies the changes in any of the options selected above"... (you can take a look here: Safe Mode options in Firefox, if you wish to know the details)

- if the problem persists, please create a new profile in Firefox: Creating a new profile, and check if the browser behaves in the same way in it...

- if the problem persists, please perform a clean reinstall

- if the problem persists, it is probably not an issue with your Firefox, I guess...

#22 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 26 November 2010 - 09:17 AM

Hello again snemelk,

I want to give you a status update on my issue. For the past couple of days I have had the Java Console in disable mode. So far, my system has been stable, having none of the problems we have been working on.

I don't know that I actually need Java Console. From what little I know (and it is very little), Java Console is a tool for programming diagnostics. Is that correct? I also note that when Java Console is not disabled and I click on TOOLS and then Java Console, the console does not open. I have tried to open Java Console in administrator mode and still it doesn't open.

Again, I am hopeful that you might now have isolated the problem for me.

And again, I very much thank you for your time, your expertise and your continued patience!

EDIT: This morning I also noticed that an update was available for the NoScripts add-on, so I am now using 2.0.7

Edited by venicecoot, 26 November 2010 - 10:10 AM.


#23 snemelk

snemelk

    inżynier

  • Expert
  • PipPipPipPipPip
  • 3,099 posts

Posted 26 November 2010 - 11:18 AM

Hi again venicecoot!!.. :)

For the past couple of days I have had the Java Console in disable mode. So far, my system has been stable, having none of the problems we have been working on.

Good!.. :) I'll leave the thread open for at least 2 weeks, in case you need further advice...

I don't know that I actually need Java Console. From what little I know (and it is very little), Java Console is a tool for programming diagnostics. Is that correct? I also note that when Java Console is not disabled and I click on TOOLS and then Java Console, the console does not open. I have tried to open Java Console in administrator mode and still it doesn't open.

I also do not have much experience with Java console in Firefox... I see you do not have to have this Add-on enabled for Java applets to work... Read the note here: Java Console disabled, it explains why nothing happens if you click Java console in menu...

And again, I very much thank you for your time, your expertise and your continued patience!

No problem at all!!.. :]

#24 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 27 November 2010 - 06:55 PM

Hello again snemelk,

Again, thanks for all your help and for suggesting to keep this thread alive as I test and hopefully resolve my issue.

Latest is that again today, with the Java Console disabled, the issues occurred again. I've now gone ahead and performed a clean reinstall of Firefox as you suggested. I'll keep you informed as this next try to fix is tested.

Thanks!

#25 venicecoot

venicecoot

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 01 December 2010 - 09:15 AM

Hello again snemelk,

Good news! I am now certain that the clean reinstall of Firefox has solved the issues we have been working on. Immediately upon doing the reinstall I could notice some very specific changes in Firefox. Firefox loaded faster, web-pages loaded faster, switching between open tabs was reliable, opening new tabs was faster and without errors. Cut & paste was completely accurate. Even changing the No Scripts option to temporarily allow Scripts on a particular page works perfectly reliably and without errors (before the reinstall I sometimes had to click twice to do a temporary allow).

Since doing the clean reinstall I noticed that Java Console no longer appeared as an add-on. I'm guessing that Java Console may re-install next time there is a Java update? But in any case, the machine works great without the Java Console and the Console is nothing that I have ever used anyway. I then re-enabled the You Tube download add-on and again, no problems at all.

I again give you many thanks for your help and support in guiding me through the process of fixing my machine. You are terrific!

#26 snemelk

snemelk

    inżynier

  • Expert
  • PipPipPipPipPip
  • 3,099 posts

Posted 01 December 2010 - 12:52 PM

Hi again venicecoot!!.. :)

I'm really glad that the issue seems to be solved, eventually!!.. :D

It's certainly fun to browse the web without any glitches or errors!.. And yes, I suppose that the Java console Add-on will be installed with a new version of Java...

I again give you many thanks for your help and support in guiding me through the process of fixing my machine. You are terrific!

You're welcome!!.. :)
And thank you for these very kind words!!.. :thumbup:

#27 snemelk

snemelk

    inżynier

  • Expert
  • PipPipPipPipPip
  • 3,099 posts

Posted 17 December 2010 - 11:14 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



