Windows Explorer running abnormally slow...

CMeyers3 · Sep 16, 2012

EXTRAS.txt

OTL Extras logfile created on: 9/16/2012 10:04:59 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Erik\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.84% Memory free
4.84 Gb Paging File | 4.48 Gb Available in Paging File | 92.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 412.72 Gb Free Space | 88.61% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 50.92 Gb Free Space | 21.87% Space Free | Partition Type: NTFS

Computer Name: ERIKS-DESKTOP | User Name: Erik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1957994488-115176313-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Erik\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Erik\Application Data\Dropbox\bin\Dropbox.exe:*:Enabledropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe" = C:\Program Files\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe:*:Enabled:Migration Assistant -- (Apple Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabledaemonu.exe -- (NVIDIA Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E1C21CD-72E7-4CE4-3D1D-99D8EEE0461A}" = ccc-core-preinstall
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13D70D56-F630-F75C-F539-D7ABDD2B0E01}" = Catalyst Control Center Graphics Full New
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CE5094-E271-1324-3485-55D8B65A11C9}" = Catalyst Control Center HydraVision Full
"{481C3B08-AC10-6F0B-4C2A-245677794AED}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC1F66E-6ECD-0D6C-B1BE-AE3E8511DC3A}" = Catalyst Control Center Graphics Light
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB4641A9-0406-3E11-10D9-B60BB1CC9487}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{ADF87E23-1B68-9043-C154-9162489A9125}" = Catalyst Control Center Graphics Full Existing
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C182D467-6F0A-418A-8B38-788F376F7502}" = Windows Migration Assistant
"{C19F299F-3B32-3930-12D3-FDF1394EE6AB}" = ccc-core-static
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4CBDA3F-E1AF-489C-6BE7-CF3B75D55580}" = Catalyst Control Center Core Implementation
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E74BF7D6-8F76-0E37-8B11-0FA9DD0C4419}" = ccc-utility
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D1F753-A87A-5799-3676-FD81070C66D8}" = Skins
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitLord" = BitLord 1.1
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 4" = Color Efex Pro 4
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"Spyder3Express" = Spyder3Express
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Kies Air Discovery Service" = Kies Air Discovery Service

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/29/2012 8:24:04 AM | Computer Name = ERIKS-DESKTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 9/15/2012 9:17:15 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.2.0.27708, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 12:26:20 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3264, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 12:27:48 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.62.0.140, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 12:28:40 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.62.0.140, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 4:19:47 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application appRemoverCore.exe, version 2.2.29.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 8:34:40 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 8:36:25 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3264, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 9:56:59 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application appRemoverCore.exe, version 2.2.29.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 10:59:08 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 8/29/2012 8:24:04 AM | Computer Name = ERIKS-DESKTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 9/15/2012 9:17:15 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.2.0.27708, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 12:26:20 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3264, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 12:27:48 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.62.0.140, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 12:28:40 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.62.0.140, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 4:19:47 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application appRemoverCore.exe, version 2.2.29.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 8:34:40 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 8:36:25 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3264, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 9:56:59 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application appRemoverCore.exe, version 2.2.29.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2012 10:59:08 PM | Computer Name = ERIKS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/16/2012 8:39:06 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 8:41:06 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 8:43:06 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 8:46:28 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 8:48:29 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 10:43:16 PM | Computer Name = ERIKS-DESKTOP | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 9/16/2012 10:49:34 PM | Computer Name = ERIKS-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/16/2012 10:51:15 PM | Computer Name = ERIKS-DESKTOP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 9/16/2012 11:00:36 PM | Computer Name = ERIKS-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/16/2012 11:01:59 PM | Computer Name = ERIKS-DESKTOP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

< End of report >

Broni · Sep 16, 2012

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64364
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64364
IE - HKU\S-1-5-21-1957994488-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKU\S-1-5-21-1957994488-115176313-725345543-1005..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" File not found
[2011/06/22 01:00:51 | 000,008,570 | -HS- | C] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\2sj84r4yr1d5210755e
[2011/06/22 01:00:51 | 000,008,476 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2sj84r4yr1d5210755e
[2009/06/14 01:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/16 00:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Viewpoint

:Services

:Reg

:Files
C:\Program Files\Viewpoint

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==========================================

You can reinstall AVG now.

Next...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.

Click on Search.

A logfile will automatically open after the scan has finished.

Please post the contents of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[R1].txt as well.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

CMeyers3 · Sep 16, 2012

OTL Log:

All processes killed
========== OTL ==========
No active process named ViewpointService.exe was found!
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1957994488-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1957994488-115176313-725345543-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart deleted successfully.
C:\Documents and Settings\Erik\Local Settings\Application Data\2sj84r4yr1d5210755e moved successfully.
C:\Documents and Settings\All Users\Application Data\2sj84r4yr1d5210755e moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\Erik\Application Data\Viewpoint folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Program Files\Viewpoint\Common folder moved successfully.
C:\Program Files\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 21843377 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes

User: Erik
->Temp folder emptied: 927270 bytes
->Temporary Internet Files folder emptied: 390996 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78501458 bytes
->Google Chrome cache emptied: 46423756 bytes
->Flash cache emptied: 62564 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1671302 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2494 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 11094 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 53047 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 145.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Erik
->Java cache emptied: 0 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Erik
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.56.0 log created on 09162012_225220

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

CMeyers3 · Sep 16, 2012

Security Check:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 4 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spyder3Express
Malwarebytes Anti-Malware version 1.65.0.1400
HijackThis 2.0.2
JavaFX 2.1.1
Java(TM) 6 Update 12
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Mozilla Thunderbird 14.0. Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

CMeyers3 · Sep 16, 2012

FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Erik (administrator) on 16-09-2012 at 22:59:06
Running from "C:\Documents and Settings\Erik\Desktop"
Microsoft Windows XP Professional Service Pack 3, v.3264 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2007-02-18 16:37] - [2007-12-01 00:25] - 0126976 ____A (Microsoft Corporation) 1CCE370E4208B753586C0A1D88DAC6B6

C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-03 17:14] - [2007-11-30 18:17] - 0138112 ____A (Microsoft Corporation) E5D9213212ED08DC5F985049F7C68C09

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-03 17:14] - [2007-11-30 18:19] - 0162816 ____A (Microsoft Corporation) C181E1F7A2A251B7AF6352DCBD8457F3

C:\WINDOWS\system32\Drivers\tcpip.sys
[2007-02-18 16:39] - [2007-11-30 18:18] - 0361344 ____A (Microsoft Corporation) 19EBDA988DA80F133DC9E28A50F606E8

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-03 17:14] - [2007-11-30 18:17] - 0075264 ____A (Microsoft Corporation) BFEA19DAFF955239A16A80C3CDF64FBE

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-03 18:56] - [2007-12-01 00:25] - 0045568 ____A (Microsoft Corporation) F0AB10362C34E0FDC03FB8E029D07984

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-03 18:56] - [2007-12-01 00:25] - 0331264 ____A (Microsoft Corporation) DA9222DF50B74641658BE5B23B649016

C:\WINDOWS\system32\netman.dll
[2007-02-18 16:38] - [2007-12-01 00:25] - 0198144 ____A (Microsoft Corporation) 926F0847887C38D0C6F8C1AEF4E45E98

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-12-21 13:24] - [2007-12-01 00:26] - 0144896 ____A (Microsoft Corporation) C509666623D32AC4CDA3199CE4EB1925

C:\WINDOWS\system32\srsvc.dll
[2008-12-21 13:26] - [2007-12-01 00:26] - 0171008 ____A (Microsoft Corporation) 70BF530F3B28242FD6B2E558219316EB

C:\WINDOWS\system32\Drivers\sr.sys
[2008-12-21 13:26] - [2007-11-30 17:39] - 0073472 ____A (Microsoft Corporation) 8EC0EC1508D5C0DC9F0A46B264B41BFF

C:\WINDOWS\system32\wscsvc.dll
[2007-02-18 16:39] - [2007-12-01 00:26] - 0080896 ____A (Microsoft Corporation) E750CD80918C221F7249802A3048A287

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-12-21 13:24] - [2007-12-01 00:26] - 0144896 ____A (Microsoft Corporation) C509666623D32AC4CDA3199CE4EB1925

C:\WINDOWS\system32\wuauserv.dll
[2008-12-21 13:26] - [2007-02-18 16:39] - 0018392 ____A (Microsoft Corporation) B72508649DAD03BCB5D708EDB1E3E57E

C:\WINDOWS\system32\qmgr.dll
[2008-12-21 13:26] - [2007-12-01 00:25] - 0409088 ____A (Microsoft Corporation) 60EEA64022CE15CB3A81CE666D74913F

C:\WINDOWS\system32\es.dll
[2007-02-18 16:37] - [2007-12-01 00:25] - 0246272 ____A (Microsoft Corporation) 56F40DEC4F1A4595BE3B092E38B07C07

C:\WINDOWS\system32\cryptsvc.dll
[2007-02-18 16:37] - [2007-12-01 00:25] - 0062464 ____A (Microsoft Corporation) B81BA41FE68A70C0FC429BBEFC547739

C:\WINDOWS\system32\svchost.exe
[2004-08-03 18:56] - [2007-12-01 00:26] - 0014336 ____A (Microsoft Corporation) 0C82B0AE50BB2BC8A96A753F4EDC495F

C:\WINDOWS\system32\rpcss.dll
[2007-02-18 16:38] - [2007-12-01 00:25] - 0399360 ____A (Microsoft Corporation) 70ABA737C26F576BD04F108E22FE8A8A

C:\WINDOWS\system32\services.exe
[2004-08-03 18:56] - [2007-12-01 00:26] - 0108544 ____A (Microsoft Corporation) 76727219614A50B2DB29BD0CDA4260D5

Extra List:
=======
AegisP(12) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0E0000000400000001000000020000000300000008000000090000000A0000000B0000000D0000000E0000000500000006000000070000000C000000
IpSec Tag value is correct.

**** End of log ****

CMeyers3 · Sep 17, 2012

ADwCleaner:

# AdwCleaner v2.002 - Logfile created 09/16/2012 at 23:00:23
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3, v.3264 (32 bits)
# User : Erik - ERIKS-DESKTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Erik\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\prefs.js

Found : user_pref("gm-notifier.ui.counter.showInbox", true);

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2279 octets] - [16/09/2012 23:00:23]

########## EOF - C:\AdwCleaner[R1].txt - [2339 octets] ##########

CMeyers3 · Sep 17, 2012

ESETScan:

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\daddpldfnomkdojcblmdcdahahojhgmo\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{033a26c4-4582-483d-8a69-e2a02beb161c}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{033a26c4-4582-483d-8a69-e2a02beb161c}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{0454e100-1007-4777-a6e6-06370e59e89a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{0454e100-1007-4777-a6e6-06370e59e89a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{0a88162a-646f-4d3a-9f3f-8d2a80969d8b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{0a88162a-646f-4d3a-9f3f-8d2a80969d8b}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{1d2a4547-4578-451a-835f-02e3b3a66f0a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{1d2a4547-4578-451a-835f-02e3b3a66f0a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{2c608d33-94e1-4ae9-9699-1b7373958133}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{2c608d33-94e1-4ae9-9699-1b7373958133}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{300e1e12-830f-4370-ad61-e454d7552bbe}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{300e1e12-830f-4370-ad61-e454d7552bbe}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{334a6b63-3d36-4026-a0e4-6448632992fe}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{334a6b63-3d36-4026-a0e4-6448632992fe}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{45c6b7d4-2a66-4cbe-8d33-a986524a5091}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{45c6b7d4-2a66-4cbe-8d33-a986524a5091}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{47dacefc-91f8-4fc5-b745-ce4e7e9b2f31}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{47dacefc-91f8-4fc5-b745-ce4e7e9b2f31}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{48f92fac-75b3-4701-adfe-debb1f4ef472}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{48f92fac-75b3-4701-adfe-debb1f4ef472}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{4ac0393b-4e79-47c4-9450-7a7452a5644f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{4ac0393b-4e79-47c4-9450-7a7452a5644f}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{6c4908b0-aeaa-4d7c-8c5c-465a6811a9bf}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{6c4908b0-aeaa-4d7c-8c5c-465a6811a9bf}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{7bdbcaf8-d604-4c5b-aa8c-a6dc5339a4c0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{7bdbcaf8-d604-4c5b-aa8c-a6dc5339a4c0}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{7d20ebcc-bc48-4181-86b3-3f172f8f3203}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{7d20ebcc-bc48-4181-86b3-3f172f8f3203}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{80e3c6d2-bfeb-40b4-bf7c-d82a41942662}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{80e3c6d2-bfeb-40b4-bf7c-d82a41942662}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{831253ce-a72b-4123-b46a-e576d6af11f2}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{831253ce-a72b-4123-b46a-e576d6af11f2}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{910f4d7c-3014-4a6d-b770-e25a1085259a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{910f4d7c-3014-4a6d-b770-e25a1085259a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{913b5d7e-379b-4030-9f6b-188bdb393c69}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{913b5d7e-379b-4030-9f6b-188bdb393c69}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{a5d0b7ca-9f7c-4509-91e3-f049c608462a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{a5d0b7ca-9f7c-4509-91e3-f049c608462a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{b0d3ba19-9b6b-4275-9792-9159878c543f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{b0d3ba19-9b6b-4275-9792-9159878c543f}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{bad4a92b-1160-4377-b7fe-0ade0cf54ac9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{bad4a92b-1160-4377-b7fe-0ade0cf54ac9}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{cb776730-5e23-46bc-b4d4-55044f593284}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{cb776730-5e23-46bc-b4d4-55044f593284}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{ce433c8e-d95e-454b-bedb-3633633dd3f7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{ce433c8e-d95e-454b-bedb-3633633dd3f7}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{d61d7a2b-0e2c-4de4-9a39-2571a918da6d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{d61d7a2b-0e2c-4de4-9a39-2571a918da6d}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{de0e8fa5-1fd3-47ef-b5d2-2923c4bd6a64}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{de0e8fa5-1fd3-47ef-b5d2-2923c4bd6a64}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{e20f2657-af5a-46d1-85c4-00bcffe6ec75}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{e20f2657-af5a-46d1-85c4-00bcffe6ec75}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{ebd24d3d-93f9-4979-8bf0-9a33b9292025}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{ebd24d3d-93f9-4979-8bf0-9a33b9292025}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{fe7a3642-b064-475c-98ed-361d39a02d5b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\extensions\{fe7a3642-b064-475c-98ed-361d39a02d5b}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{033a26c4-4582-483d-8a69-e2a02beb161c}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{033a26c4-4582-483d-8a69-e2a02beb161c}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{0454e100-1007-4777-a6e6-06370e59e89a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{0454e100-1007-4777-a6e6-06370e59e89a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{0a88162a-646f-4d3a-9f3f-8d2a80969d8b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{0a88162a-646f-4d3a-9f3f-8d2a80969d8b}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{1d2a4547-4578-451a-835f-02e3b3a66f0a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{1d2a4547-4578-451a-835f-02e3b3a66f0a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{2c608d33-94e1-4ae9-9699-1b7373958133}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{2c608d33-94e1-4ae9-9699-1b7373958133}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{300e1e12-830f-4370-ad61-e454d7552bbe}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{300e1e12-830f-4370-ad61-e454d7552bbe}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{334a6b63-3d36-4026-a0e4-6448632992fe}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{334a6b63-3d36-4026-a0e4-6448632992fe}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{45c6b7d4-2a66-4cbe-8d33-a986524a5091}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{45c6b7d4-2a66-4cbe-8d33-a986524a5091}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{47dacefc-91f8-4fc5-b745-ce4e7e9b2f31}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{47dacefc-91f8-4fc5-b745-ce4e7e9b2f31}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{48f92fac-75b3-4701-adfe-debb1f4ef472}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{48f92fac-75b3-4701-adfe-debb1f4ef472}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{4ac0393b-4e79-47c4-9450-7a7452a5644f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{4ac0393b-4e79-47c4-9450-7a7452a5644f}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{6c4908b0-aeaa-4d7c-8c5c-465a6811a9bf}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{6c4908b0-aeaa-4d7c-8c5c-465a6811a9bf}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{7bdbcaf8-d604-4c5b-aa8c-a6dc5339a4c0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{7bdbcaf8-d604-4c5b-aa8c-a6dc5339a4c0}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{7d20ebcc-bc48-4181-86b3-3f172f8f3203}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{7d20ebcc-bc48-4181-86b3-3f172f8f3203}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{80e3c6d2-bfeb-40b4-bf7c-d82a41942662}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{80e3c6d2-bfeb-40b4-bf7c-d82a41942662}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{831253ce-a72b-4123-b46a-e576d6af11f2}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{831253ce-a72b-4123-b46a-e576d6af11f2}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{910f4d7c-3014-4a6d-b770-e25a1085259a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{910f4d7c-3014-4a6d-b770-e25a1085259a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{913b5d7e-379b-4030-9f6b-188bdb393c69}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{913b5d7e-379b-4030-9f6b-188bdb393c69}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{a5d0b7ca-9f7c-4509-91e3-f049c608462a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{a5d0b7ca-9f7c-4509-91e3-f049c608462a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{a9767307-fb00-40e4-833f-6b21eeed2171}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{b0d3ba19-9b6b-4275-9792-9159878c543f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{b0d3ba19-9b6b-4275-9792-9159878c543f}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{bad4a92b-1160-4377-b7fe-0ade0cf54ac9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{bad4a92b-1160-4377-b7fe-0ade0cf54ac9}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{cb776730-5e23-46bc-b4d4-55044f593284}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{cb776730-5e23-46bc-b4d4-55044f593284}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{ce433c8e-d95e-454b-bedb-3633633dd3f7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{ce433c8e-d95e-454b-bedb-3633633dd3f7}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{d61d7a2b-0e2c-4de4-9a39-2571a918da6d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{d61d7a2b-0e2c-4de4-9a39-2571a918da6d}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{d645492c-d1b4-4d3b-966f-35a7e1597e4e}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{de0e8fa5-1fd3-47ef-b5d2-2923c4bd6a64}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{de0e8fa5-1fd3-47ef-b5d2-2923c4bd6a64}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{e20f2657-af5a-46d1-85c4-00bcffe6ec75}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{e20f2657-af5a-46d1-85c4-00bcffe6ec75}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{ebd24d3d-93f9-4979-8bf0-9a33b9292025}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{ebd24d3d-93f9-4979-8bf0-9a33b9292025}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{fe7a3642-b064-475c-98ed-361d39a02d5b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\extensions\{fe7a3642-b064-475c-98ed-361d39a02d5b}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\ATIDEMGX32.dll.vir a variant of Win32/Kryptik.RSL trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP118\A0028572.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP118\A0028573.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP125\A0032783.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP125\A0034785.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP129\A0036438.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP129\A0036439.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0036603.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0036604.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037817.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037818.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037819.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037820.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037821.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037822.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037823.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037824.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037825.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037826.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037827.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037828.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037829.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037830.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037831.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037832.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037833.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037834.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037835.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037836.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037837.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037838.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037839.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037840.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037841.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037842.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037843.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037844.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037845.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037846.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037847.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0037848.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0039607.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP132\A0039608.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP133\A0039628.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP133\A0039629.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP134\A0039773.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP134\A0039774.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP134\A0039775.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP134\A0039776.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{039C2D67-D014-43D4-93ED-ABC48248FA19}\RP134\A0039865.dll a variant of Win32/Kryptik.RSL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.09.2012_15.26.24\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.09.2012_15.26.24\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.09.2012_15.26.24\mbr0000\tdlfs0000\tsk0006.dta a variant of Win32/Olmarik.AWX trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.09.2012_15.26.24\mbr0000\tdlfs0000\tsk0007.dta probably a variant of Win32/Agent.LNPYLAJ trojan cleaned by deleting - quarantined
E:\External HD Copy\Uniblue PowerSuite 2011 3.0.3.11 + SERIAL KEY [Multilingual]\powersuite.exe multiple threats cleaned by deleting - quarantined

Broni · Sep 17, 2012

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

==================================

Close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Delete.

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the contents of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

Double click on adwcleaner.exe to run the tool.

Click on Uninstall.

Confirm with yes.

=====================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please, let me know, how your computer is doing.

CMeyers3 · Sep 17, 2012

The system hung when I tried to install Adobe Reader so I am moving along with the cleaning process.

ADWCleaner:

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 17:38:52
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3, v.3264 (32 bits)
# User : Erik - ERIKS-DESKTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Erik\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-1957994488-115176313-725345543-1005\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\prefs.js

C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\6oumi61i.default\user.js ... Deleted !

Deleted : user_pref("gm-notifier.ui.counter.showInbox", true);

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5lwm18u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2408 octets] - [16/09/2012 23:00:23]
AdwCleaner[S1].txt - [2947 octets] - [17/09/2012 17:38:52]

########## EOF - C:\AdwCleaner[S1].txt - [3007 octets] ##########

CMeyers3 · Sep 17, 2012

OTL:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Erik
->Temp folder emptied: 1951846 bytes
->Temporary Internet Files folder emptied: 33175 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68652020 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1601 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Erik
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Erik
->Java cache emptied: 0 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 09172012_174501

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

CMeyers3 · Sep 17, 2012

My PC fan is constantly running and my CPU usage fluctuates between 15-30% when I have no applications running.

Still getting hung up when I try and open my computer but when I bring up My Documents and pull up the C: drive by typing C:\ into the address bar I navigate my files without issue.

Wondering if it could be an issue with the hardware, but running at 15-30% CPU usage with nothing active and no background processes active other than services.exe leaves me a bit concerned.

Thoughts?

EDIT: Windows Explorer just hung when I right clicked the FileHippo icon in the task bar. Secunia seems to have hung as well, it's been running for approximately 10-15 minutes.

I have a Master and Slave HDD, should I pull the Slave drive and repeat the entire process from start to finish while disconnected from the web?

Broni · Sep 17, 2012

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

CMeyers3 · Sep 17, 2012

File is attached.

Broni · Sep 17, 2012

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.

CMeyers3 · Sep 17, 2012

I don't have my Windows XP CD in order to complete Step 3.

Broni · Sep 17, 2012

Ask around. Borrowed one will do.

CMeyers3 · Sep 20, 2012

I was able to track down an XP disc and ran the Windows Repair. It hung up on step 6 of 12, repairing Internet Explorer at the regwicz.dll command line.

I let it run for 7 hours while I slept and it made no further progress. When I closed the command prompt it continued through the remaining steps very quickly and rebooted the machine.

Still having the same issues:

-Explorer locks up when right clicking in blank area of desktop
-Very very slow response (if at all) when accessing My Computer
-Can't install/run certain programs (I.e. UpdateChecker from File Hippo)
-No sound

I pulled my GPU card and extra HDD out last night as well and have them sitting off to the side.

Broni · Sep 20, 2012

At this point...

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

CMeyers3 · Sep 20, 2012

I've been putting off transferring my hardware to a new pc case until I fixed this but I think I'm going to go ahead with transferring components and just get this PC setup with Ubuntu.

Thanks so much for all of your help Broni. If nothing else, I know my machine is free and clear of any harmful programs. Sent a donation your way.

Broni · Sep 20, 2012

Thank you and good luck

TechSpot

Welcome to TechSpot

Windows Explorer running abnormally slow...

CMeyers3 Newcomer, in training Posts: 27

Broni Malware Annihilator Posts: 39,189 +175

CMeyers3 Newcomer, in training Posts: 27

CMeyers3 Newcomer, in training Posts: 27

CMeyers3 Newcomer, in training Posts: 27

CMeyers3 Newcomer, in training Posts: 27

CMeyers3 Newcomer, in training Posts: 27

Broni Malware Annihilator Posts: 39,189 +175

CMeyers3 Newcomer, in training Posts: 27

CMeyers3 Newcomer, in training Posts: 27

CMeyers3 Newcomer, in training Posts: 27

Broni Malware Annihilator Posts: 39,189 +175

CMeyers3 Newcomer, in training Posts: 27

Attached Files:

Procep.TXT

Broni Malware Annihilator Posts: 39,189 +175

CMeyers3 Newcomer, in training Posts: 27

Broni Malware Annihilator Posts: 39,189 +175

CMeyers3 Newcomer, in training Posts: 27

Broni Malware Annihilator Posts: 39,189 +175

CMeyers3 Newcomer, in training Posts: 27

Broni Malware Annihilator Posts: 39,189 +175

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.