Chasing something...

Unread postby geniusless » February 28th, 2013, 11:59 pm

Hello, I have two PCs that are infected, to what degree I am not sure. Let's start on this one first. I did run scans and caught something prior, but I'm not convinced she's clean yet... Starting with logs, enjoy :)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2
Run by Owner at 19:48:44 on 2013-02-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1408 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro AntiVirus *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Broadcom Wireless Manager UI] "c:\windows\system32\WLTRAY.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{03F3AC55-7682-499F-BBAB-B01BF71466CF} : DHCPNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{5F0A8F20-B48E-4425-A7C7-C6C1438FC199} : DHCPNameServer = 192.168.1.1 184.16.33.54
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-2-22 13560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-20 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-20 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-20 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-20 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-20 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-14 21504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-18 13336]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-2-15 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-26 179712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-4-16 648456]
.
=============== Created Last 30 ================
.
2013-02-27 02:33:36 -------- d--h--w- c:\program files\common files\EAInstaller
2013-02-27 02:11:02 -------- d-----w- c:\program files\Origin Games
2013-02-27 02:10:53 -------- d-----w- c:\users\owner\appdata\local\Origin
2013-02-27 02:09:39 -------- d-----w- c:\program files\Origin
2013-02-26 08:42:22 920088 ----a-w- c:\windows\system32\igxpun.exe
2013-02-26 06:35:21 -------- d-----w- c:\windows\system32\x64
2013-02-26 06:20:13 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-02-26 06:13:49 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fba2e44d-3c18-413f-bd75-f446641a4352}\mpengine.dll
2013-02-22 21:27:30 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-02-22 21:27:30 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-22 01:17:16 0 --sha-r- \MSDOS.SYS
2013-02-22 01:17:16 0 --sha-r- \IO.SYS
2013-02-21 05:17:35 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-21 05:17:33 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-21 05:16:44 41224 ----a-w- c:\windows\avastSS.scr
2013-02-21 05:16:18 -------- d-----w- c:\programdata\AVAST Software
2013-02-21 05:16:18 -------- d-----w- c:\program files\AVAST Software
2013-02-21 03:24:18 -------- d-----w- c:\program files\Enigma Software Group
2013-02-21 03:23:26 -------- d-----w- c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-02-21 03:23:21 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-02-19 19:13:57 -------- d-----w- c:\users\owner\appdata\local\Zemana
2013-02-19 19:13:54 -------- d-----w- c:\program files\AntiLogger
2013-02-14 21:38:46 -------- d-----w- c:\program files\Lavalys
2013-02-14 18:47:20 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-14 18:47:20 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-14 18:46:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-14 09:26:16 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-02-14 09:26:15 -------- d-----w- c:\programdata\PCDr
2013-02-14 09:23:35 -------- d-----w- c:\program files\Dell Support Center
2013-02-14 09:22:18 -------- d-----w- C:\temp
2013-02-14 09:22:18 -------- d-----w- \temp
2013-02-14 09:10:25 -------- d-----w- c:\windows\Driver Cache
2013-02-14 09:10:25 -------- d-----w- c:\program files\AVerMedia
2013-02-14 09:03:42 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-02-14 05:45:26 -------- d-----w- c:\users\owner\appdata\local\Giant Savings Extension
2013-02-14 05:34:59 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2013-02-14 05:23:55 -------- d-----w- c:\programdata\Origin
2013-02-14 05:23:54 -------- d-----w- c:\programdata\Electronic Arts
2013-02-13 19:36:16 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 19:36:13 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 19:36:13 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 19:36:12 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 19:36:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-12 23:51:50 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-12 22:18:24 -------- d-----w- c:\program files\FGIcon
2013-02-12 22:18:04 -------- d-----w- c:\programdata\Tarma Installer
.
==================== Find3M ====================
.
2013-02-27 02:24:02 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 02:24:02 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-17 09:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 19:49:17.48 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/15/2008 5:07:30 PM
System Uptime: 2/27/2013 2:56:30 AM (41 hours ago)
.
Motherboard: Dell Inc. | | 0DT492
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | Microprocessor | 1333/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 179.221 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.704 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1341: 2/20/2013 7:11:42 PM - Installed Kaspersky Security Scan.
RP1342: 2/20/2013 7:23:31 PM - Installed SpyHunter
RP1343: 2/20/2013 8:44:58 PM - Removed SpyHunter
RP1345: 2/20/2013 8:49:46 PM - First Restore Point
RP1346: 2/20/2013 9:16:10 PM - avast! Free Antivirus Setup
RP1347: 2/21/2013 2:49:37 PM - Scheduled Checkpoint
RP1348: 2/21/2013 6:11:00 PM - Windows Update
RP1349: 2/22/2013 3:18:30 PM - Scheduled Checkpoint
RP1350: 2/23/2013 3:06:55 PM - Scheduled Checkpoint
RP1351: 2/24/2013 3:54:58 PM - Scheduled Checkpoint
RP1352: 2/25/2013 11:10:22 AM - Removed Cisco EAP-FAST Module
RP1353: 2/25/2013 10:12:16 PM - Windows Update
RP1354: 2/25/2013 10:20:15 PM - Device Driver Package Install: Intel System devices
RP1355: 2/25/2013 10:34:02 PM - Windows Update
RP1357: 2/25/2013 11:15:57 PM - Installed DirectX
RP1358: 2/26/2013 12:41:11 AM - Device Driver Package Install: Intel Corporation Display adapters
RP1359: 2/26/2013 5:08:52 PM - Scheduled Checkpoint
RP1361: 2/26/2013 6:32:01 PM - Installed DirectX
RP1362: 2/27/2013 2:06:02 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.5
avast! Free Antivirus
AVerMedia MCE Encoder x86 3.0.1.0
Battlefield 1942™
Broadcom Gigabit Integrated Controller
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Driver Download Manager
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
EVEREST Home Edition v2.01
Fast Browser Search (My Web Tattoo)
Fax
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java 7 Update 13
Java Auto Updater
Laptop Integrated Webcam Driver (1.00.10.0320)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Origin
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SigmaTel Audio
Spelling Dictionaries Support For Adobe Reader 8
System Requirements Lab for Intel
Trend Micro AntiVirus
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Mobile Device Updater Component
Windows Vista Security Guide
WinRAR 4.20 (32-bit)
WinRAR Packages
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
2/27/2013 11:13:31 AM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
2/26/2013 4:19:48 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/26/2013 4:18:05 PM, Error: EventLog [6008] - The previous system shutdown at 4:14:43 PM on 2/26/2013 was unexpected.
2/26/2013 11:33:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr tmtdi Wanarpv6
2/26/2013 11:33:17 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/26/2013 11:32:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/26/2013 11:32:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/26/2013 11:32:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/26/2013 11:32:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/26/2013 11:32:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/26/2013 11:32:20 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
2/26/2013 11:32:02 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
2/26/2013 11:32:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
2/25/2013 10:27:44 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "2" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
2/25/2013 10:27:34 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "2" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
2/25/2013 10:24:58 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.
2/24/2013 11:05:59 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/24/2013 11:05:53 PM, Error: Microsoft-Windows-Windows Defender [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
2/24/2013 10:27:38 PM, Error: EventLog [6008] - The previous system shutdown at 10:24:34 PM on 2/24/2013 was unexpected.
2/23/2013 1:19:39 PM, Error: EventLog [6008] - The previous system shutdown at 12:01:48 AM on 2/23/2013 was unexpected.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AswRdr aswSnx aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx tmtdi Wanarpv6
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2013 7:52:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2013 7:51:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/22/2013 7:51:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/22/2013 1:03:03 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/22/2013 1:01:02 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/21/2013 6:28:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Event Log service to connect.
2/21/2013 6:28:56 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2013 6:23:59 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 2150760449 (0x80320001).
2/21/2013 6:10:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error: An instance of the service is already running.
2/21/2013 6:08:11 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/21/2013 6:08:11 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/21/2013 6:08:11 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/21/2013 3:36:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2013 3:25:24 PM, Error: EventLog [6008] - The previous system shutdown at 3:22:12 PM on 2/21/2013 was unexpected.
.
==== End Of File ===========================
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Unread postby askey127 » March 1st, 2013, 8:38 am

Hi geniusless,
Looking over your logs.
Be back soon.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Chasing something...

Unread postby askey127 » March 1st, 2013, 8:50 am

geniusless,
My Web Tattoo is spyware that tracks your social media profile, and your contacts.
You have multiple Antivirus programs. That can reduce your protection and make your system unstable.
Please don't install, uninstall, or scan with anything unless I ask, until we are through here.
We will replace Adobe Reader with a new version later, and we will discuss Java.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 9.4.5
Fast Browser Search (My Web Tattoo)
Java 7 Update 13
Java Auto Updater
Trend Micro AntiVirus

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL (desktop).
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Chasing something...

Unread postby geniusless » March 1st, 2013, 1:29 pm

OK, Web Tattoo will not uninstall; click, and the screen blacks out for a sec, then nothing happens. Trend Micro isn't in my programs' uninstall list. BTW hi, and thank you in advance! :)
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Unread postby askey127 » March 1st, 2013, 2:55 pm

OK.
Go ahead with the parts of the instruction that you are able to do.
We will take care of the rest.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Chasing something...

Unread postby geniusless » March 1st, 2013, 3:38 pm

Text disappears when I try to send or preview the reply. Says my message contains too few characters. *** dur-da-durrr dippity-doo figured that one out ***
Last edited by geniusless on March 1st, 2013, 3:52 pm, edited 1 time in total.
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Unread postby geniusless » March 1st, 2013, 3:50 pm

OTL logfile created on: 3/1/2013 11:08:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.07% Memory free
6.18 Gb Paging File | 5.00 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 180.50 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.70 Gb Free Space | 57.04% Space Free | Partition Type: NTFS

Computer Name: PUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/01 11:04:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/05/06 09:32:08 | 000,730,496 | ---- | M] () -- C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/02 12:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 15:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 13:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2006/09/08 14:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/13 23:48:07 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/02/13 20:30:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013/01/24 23:39:43 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\295bceb25b989b5e5db8a70cbbb42853\IAStorUtil.ni.dll
MOD - [2013/01/24 23:39:43 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\781904ca0923a7ddaabf182f17663e96\IAStorCommon.ni.dll
MOD - [2013/01/24 23:37:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/24 23:36:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013/01/24 23:36:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/24 23:36:15 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/24 23:35:07 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll
MOD - [2013/01/24 23:35:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/24 23:34:55 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2009/05/06 09:32:08 | 000,730,496 | ---- | M] () -- C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
MOD - [2007/10/09 19:18:12 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - [2013/02/26 18:24:03 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/14 09:59:14 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/04/10 22:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/02/26 13:10:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/02/15 22:34:18 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/06 17:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\xaudio.sys -- (XAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/02/22 13:27:30 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/04/02 15:00:12 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 15:00:08 | 000,052,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 15:00:00 | 000,142,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/02/15 22:34:18 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/06/25 17:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/06 17:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/20 01:00:00 | 000,234,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=465&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com [binary data]
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{0720BDDF-9BB4-4361-A99E-B95A0FB45D17}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={00000000-0000-0000-0000-000000000000}
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{1AE34375-5126-4C23-933D-1CC04FE4CF04}: "URL" = http://www.fastbrowsersearch.com/result ... ts.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid=0
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{4B26DEFC-8C40-42C7-8309-AE629A7B3854}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{71B3E426-C693-4100-B559-6AD240803D98}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=465&q={searchTerms}
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/10/08 15:11:06 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03F3AC55-7682-499F-BBAB-B01BF71466CF}: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F0A8F20-B48E-4425-A7C7-C6C1438FC199}: DhcpNameServer = 192.168.1.1 184.16.33.54
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (X2嘀㬪蘁 獭ㅶた搮汬) - File not found
O30 - LSA: Security Packages - (>뻯㭏ẵ㭏ẵ&) - File not found
O30 - LSA: Security Packages - (�) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm
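Added example, not part of this thread and not OTL's own code: a small Python triage script that parses lines in the OTL format posted above and automates the checks askey127 is making by eye in his first reply, namely service and driver registrations whose file is gone (leftovers of half-removed products such as SpyHunter and AntiLogger), processes with no company name (SearchGuardPlus.exe), more than one antivirus vendor still running kernel components at once (avast! and Trend Micro), and which host the Internet Explorer DefaultScope GUID actually resolves to (the fantastigames search redirector behind Fast Browser Search / My Web Tattoo). The line formats are inferred from the log in this thread, the sample lines are copied from it, and the AV_VENDORS set and the KNOWN_SEARCH_HOSTS allowlist are assumptions made for the demonstration.

```python
"""Triage an OTL log excerpt: orphaned service/driver entries, processes with
no company name, antivirus vendors still running side by side, and the host
behind Internet Explorer's DefaultScope.

Added example for this thread; not OTL's own code. Line formats are inferred
from the posted log; AV_VENDORS and KNOWN_SEARCH_HOSTS are demo assumptions.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied verbatim from the OTL log posted above.
SAMPLE_LOG = r"""
PRC - [2009/05/06 09:32:08 | 000,730,496 | ---- | M] () -- C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/04/14 09:59:14 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/04/02 15:00:12 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=465&q={searchTerms}
"""

# PRC/SRV/DRV/MOD rows: either "[date | size | attrs | M] (Company)" or the
# literal "File not found", then an optional "[start | state]", the image path,
# and an optional trailing "-- (ServiceName)".
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<svc>[^)]*)\))?$"
)
SCOPE_DEFAULT_RE = re.compile(
    r"^IE - (?P<hive>.+?)\\\.\.\\SearchScopes,DefaultScope = (?P<guid>\{[^}]+\})$"
)
SCOPE_URL_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\\.\.\\SearchScopes\\(?P<guid>\{[^}]+\}): "URL" = (?P<url>.+)$'
)

AV_VENDORS = {"AVAST Software", "Trend Micro Inc."}   # assumption for the demo
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}  # assumption for the demo


def parse_entries(log):
    """Split the log into process/service/driver rows and IE search-scope data."""
    entries, defaults, scope_urls = [], {}, {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
            continue
        m = SCOPE_DEFAULT_RE.match(line)
        if m:
            defaults[m["hive"]] = m["guid"].lower()
            continue
        m = SCOPE_URL_RE.match(line)
        if m:
            scope_urls[(m["hive"], m["guid"].lower())] = m["url"]
    return entries, defaults, scope_urls


def orphaned_entries(entries):
    """Service/driver registrations whose image no longer exists on disk."""
    return [e["svc"] or e["path"] for e in entries if e["missing"]]


def no_company_entries(entries):
    """PRC/SRV/DRV rows whose image carries no company name (MOD rows are skipped:
    OTL lists .NET native images there without a company by design)."""
    return [e["path"] for e in entries
            if e["kind"] != "MOD" and e["company"] is not None and not e["company"].strip()]


def active_av_vendors(entries):
    """Vendors from AV_VENDORS that still have a Running service or driver."""
    return {e["company"] for e in entries
            if e["company"] in AV_VENDORS and e["state"] and "Running" in e["state"]}


def default_search_hosts(defaults, scope_urls):
    """Resolve each hive's DefaultScope GUID to the host it actually queries."""
    hosts = {}
    for hive, guid in defaults.items():
        url = scope_urls.get((hive, guid))
        hosts[hive] = urlsplit(url).hostname if url else None
    return hosts


def triage(log):
    entries, defaults, scope_urls = parse_entries(log)
    hosts = default_search_hosts(defaults, scope_urls)
    return {
        "orphaned": orphaned_entries(entries),
        "no_company": no_company_entries(entries),
        "av_vendors_running": sorted(active_av_vendors(entries)),
        "default_search": hosts,
        "hijacked_search": sorted(h for h, host in hosts.items()
                                  if host and host not in KNOWN_SEARCH_HOSTS),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the DefaultScope GUID under HKLM resolves to isearch.fantastigames.com rather than Bing or Google, both Trend Micro and avast! report Running kernel components even though the Trend Micro service itself is Disabled, and the two "File not found" drivers surface as orphaned registrations; the full OTL.txt posted above can be fed to triage() unchanged.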

Re: Chasing something...

Unread postby geniusless » March 1st, 2013, 3:51 pm

========== Files/Folders - Created Within 30 Days ==========

[2013/03/01 11:04:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/01 09:24:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/01 09:24:51 | 000,000,000 | -HSD | C] -- \Config.Msi
[2013/02/28 19:47:03 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/02/26 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/02/26 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2013/02/26 00:42:22 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2013/02/25 22:35:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2013/02/25 22:20:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2013/02/25 10:09:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2013/02/22 13:28:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\LavasoftStatistics
[2013/02/22 13:27:30 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/02/22 13:27:30 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/22 13:27:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Ad-Aware Antivirus
[2013/02/20 21:17:36 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/02/20 21:17:36 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/02/20 21:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/20 21:17:35 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/02/20 21:17:35 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/02/20 21:17:35 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/02/20 21:17:33 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/02/20 21:16:44 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/20 21:16:43 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/02/20 21:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/20 21:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/20 19:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/20 19:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/02/19 11:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\AntiLogger
[2013/02/14 13:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013/02/14 13:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013/02/14 10:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/02/14 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2013/02/14 10:48:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/02/14 10:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/02/14 10:47:20 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/14 10:47:20 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/14 10:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/14 01:26:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2013/02/14 01:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2013/02/14 01:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2013/02/14 01:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2013/02/14 01:22:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PCDr
[2013/02/14 01:22:18 | 000,000,000 | ---D | C] -- C:\temp
[2013/02/14 01:22:18 | 000,000,000 | ---D | C] -- \temp
[2013/02/14 01:10:25 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache
[2013/02/14 01:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVerMedia
[2013/02/14 01:03:42 | 000,356,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2013/02/13 23:03:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Battlefield 1942
[2013/02/13 21:45:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2013/02/13 21:45:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/02/13 21:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/02/13 21:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/02/13 21:45:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/02/13 21:35:02 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2013/02/13 21:35:02 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2013/02/13 21:35:02 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2013/02/13 21:35:02 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2013/02/13 21:35:02 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2013/02/13 21:35:01 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013/02/13 21:35:01 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2013/02/13 21:35:01 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2013/02/13 21:35:01 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2013/02/13 21:35:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2013/02/13 21:35:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2013/02/13 21:35:01 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2013/02/13 21:35:00 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2013/02/13 21:35:00 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2013/02/13 21:35:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2013/02/13 21:35:00 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2013/02/13 21:34:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013/02/13 21:34:58 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2013/02/13 21:34:58 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2013/02/13 21:34:57 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2013/02/13 21:34:57 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2013/02/13 21:34:57 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2013/02/13 21:34:57 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2013/02/13 21:34:57 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2013/02/13 21:34:56 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2013/02/13 21:34:56 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2013/02/13 21:34:56 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2013/02/13 21:34:56 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013/02/13 21:34:56 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2013/02/13 21:34:55 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013/02/13 21:34:55 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013/02/13 21:34:55 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013/02/13 21:34:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013/02/13 21:34:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2013/02/13 21:34:54 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2013/02/13 21:34:54 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2013/02/13 21:34:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2013/02/13 21:34:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2013/02/13 21:34:54 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2013/02/13 21:34:54 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2013/02/13 21:34:53 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2013/02/13 21:34:53 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2013/02/13 21:34:53 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2013/02/13 21:34:53 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2013/02/13 21:34:53 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2013/02/13 21:34:53 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2013/02/13 21:34:52 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2013/02/13 21:34:52 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2013/02/13 21:34:52 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2013/02/13 21:34:51 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2013/02/13 21:34:51 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2013/02/13 21:34:50 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013/02/13 21:34:50 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2013/02/13 21:34:50 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2013/02/13 21:34:50 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2013/02/13 21:34:49 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2013/02/13 21:34:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2013/02/13 21:34:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2013/02/13 21:34:49 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2013/02/13 21:34:49 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013/02/13 21:34:49 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2013/02/13 21:34:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2013/02/13 21:34:47 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2013/02/13 21:34:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2013/02/13 21:34:47 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2013/02/13 21:34:46 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2013/02/13 21:34:45 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2013/02/13 21:34:45 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2013/02/13 21:34:43 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013/02/13 21:34:43 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013/02/13 21:34:43 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013/02/13 21:34:43 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013/02/13 21:34:43 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013/02/13 21:34:42 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013/02/13 21:34:42 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013/02/13 21:34:41 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013/02/13 21:34:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013/02/13 21:34:27 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013/02/13 21:34:27 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013/02/13 21:34:27 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013/02/13 21:34:27 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013/02/13 21:34:27 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013/02/13 21:34:27 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013/02/13 21:34:27 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013/02/13 21:34:27 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013/02/13 21:24:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Origin
[2013/02/13 21:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/02/13 21:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/02/13 20:11:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/13 20:11:23 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/13 20:11:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/13 20:11:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/13 20:11:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/13 20:11:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/13 20:11:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/13 20:11:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/13 11:36:16 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/13 11:36:13 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/13 11:36:13 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/13 11:36:10 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/02/12 15:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/12 14:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\FGIcon
[2013/02/12 14:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/01 11:15:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9DE2A930-5BF7-466C-A033-6CDC69CE178C}.job
[2013/03/01 11:04:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/01 11:01:33 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/01 11:00:46 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/01 11:00:46 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/01 11:00:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/01 10:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/01 10:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/28 19:47:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/02/26 18:24:02 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/26 18:24:02 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/26 18:09:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/02/25 23:27:32 | 000,000,359 | ---- | M] () -- C:\Users\Owner\Desktop\Downloads.lnk
[2013/02/25 16:14:39 | 000,269,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/25 10:23:41 | 000,000,250 | ---- | M] () -- C:\WirelessDiagLog.csv
[2013/02/24 12:03:26 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/22 13:27:30 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/02/22 13:27:30 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/21 18:24:27 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/02/21 17:17:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/02/21 14:20:58 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/21 14:20:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/14 11:31:28 | 000,000,297 | ---- | M] () -- C:\Users\Owner\Desktop\puter.lnk
[2013/02/14 10:55:03 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl
[2013/02/14 10:46:14 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/14 10:46:14 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/14 01:20:18 | 003,892,272 | ---- | M] () -- C:\Users\Owner\Desktop\run this with battery in.exe
[2013/02/13 20:58:30 | 000,657,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/13 20:58:30 | 000,122,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/11 21:23:40 | 000,023,125 | ---- | M] () -- C:\Windows\hpqins15.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/26 18:09:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/02/25 23:27:32 | 000,000,359 | ---- | C] () -- C:\Users\Owner\Desktop\Downloads.lnk
[2013/02/25 10:29:53 | 000,744,740 | ---- | C] () -- C:\Windows\System32\oem21.inf
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2013/02/20 21:17:37 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/14 11:31:28 | 000,000,297 | ---- | C] () -- C:\Users\Owner\Desktop\puter.lnk
[2013/02/14 10:29:27 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2013/02/14 01:20:18 | 003,892,272 | ---- | C] () -- C:\Users\Owner\Desktop\run this with battery in.exe
[2013/02/11 21:22:43 | 000,023,125 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/11/27 11:06:02 | 000,013,030 | ---- | C] () -- \PDOXUSRS.NET
[2008/10/12 22:18:10 | 000,000,164 | ---- | C] () -- \install.dat
[2008/07/30 22:58:27 | 000,000,250 | ---- | C] () -- \WirelessDiagLog.csv
[2008/04/18 01:45:26 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/04/18 00:22:52 | 000,024,227 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/04/17 16:39:05 | 000,000,240 | ---- | C] () -- C:\Users\Owner\Window Switcher.lnk
[2008/04/15 16:57:51 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/03/04 16:55:40 | 000,004,622 | RH-- | C] () -- \dell.sdr
[2008/03/04 15:19:18 | 000,021,469 | ---- | C] () -- \newkey
[2008/03/04 15:19:18 | 000,021,469 | ---- | C] () -- \newfile.enc
[2008/02/03 15:06:57 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 02:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 22:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/13 21:45:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/02/22 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ad-Aware Antivirus
[2009/02/13 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
[2010/11/27 11:01:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/01/30 01:58:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin
[2013/02/13 22:06:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
[2009/01/11 01:56:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ParetoLogic
[2013/02/14 01:22:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCDr
[2008/06/08 01:29:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2013/02/14 10:48:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2012/09/26 21:01:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2008/05/27 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E50C1642

< End of report >
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm
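The file listings, LOP Check and Alternate Data Streams sections above are the parts of an OTL log a helper reads first. The script below is an added example for this thread, not part of OTL or of the original post: it parses those line formats and lists the entries that usually get a second look. The review heuristics (random-looking folder names under AppData\Roaming or ProgramData, executables that carry no CompanyName version info, any named NTFS stream other than Zone.Identifier) are this example's own assumptions about what is worth asking about, not a verdict on the machine in the log; the sample lines are copied from the log above so it runs offline.

```python
"""Parse the file-listing, LOP Check and Alternate Data Streams lines that OTL
prints and list the entries a malware-removal helper usually reads first.

Added example for this thread; not part of OTL or of the original post. The
heuristics below are this example's own assumptions about what deserves a
second look, not a verdict on the machine in the log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# [2013/02/13 21:45:09 | 000,000,000 | ---D | C] (Company) -- C:\path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
GUID = re.compile(r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".cpl", ".scr", ".ocx", ".drv")


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str               # R/H/S/D flags, '-' where unset
    kind: str                # 'C' created, 'M' modified
    company: Optional[str]   # None when OTL printed no parentheses, '' for '()'
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def leaf(self) -> str:
        return self.path.rstrip("\\").rsplit("\\", 1)[-1]


def parse_file_line(line: str) -> Optional[Entry]:
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["company"], m["path"])


def looks_random(name: str) -> bool:
    """Assumption: GUID-style names, or long runs of mixed digits and letters
    with no spaces or punctuation, are not how vendors name data folders."""
    if GUID.match(name):
        return True
    if len(name) < 12 or not re.fullmatch(r"[A-Za-z0-9]+", name):
        return False
    digits = sum(ch.isdigit() for ch in name)
    return digits >= 3 and len(name) - digits >= 3


def review(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        ads = ADS_LINE.match(raw.strip())
        if ads:
            if ads["path"].rsplit(":", 1)[-1].lower() != "zone.identifier":
                findings.append(("named NTFS stream", ads["path"]))
            continue
        e = parse_file_line(raw)
        if e is None:
            continue                      # e.g. the '[2 C:\Windows\*.tmp files ...]' lines
        low = e.path.lower()
        if e.is_dir:
            if ("\\appdata\\roaming\\" in low or "\\programdata\\" in low) and looks_random(e.leaf):
                findings.append(("random-looking data folder", e.path))
        elif low.endswith(EXEC_EXT) and not e.company:
            where = "Windows dir" if low.startswith("c:\\windows\\") else "user area"
            findings.append((f"executable without CompanyName ({where})", e.path))
    return findings


# Lines copied from the OTL log above, so the functions can be exercised offline.
SAMPLE = [
    r"[2013/02/13 21:45:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q",
    r"[2013/02/13 21:35:02 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll",
    r"[2013/02/13 21:24:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Origin",
    r"[2013/02/12 15:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1",
    r"[2013/02/14 01:20:18 | 003,892,272 | ---- | C] () -- C:\Users\Owner\Desktop\run this with battery in.exe",
    r"[2013/03/01 11:04:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe",
    r"[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]",
    r"@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF",
]

if __name__ == "__main__":
    for reason, path in review(SAMPLE):
        print(f"{reason:45} {path}")
```

Run it against a saved OTL.txt by reading the file into a list and passing it to `review()`; the output is a short-list to ask the poster about, not a removal script. Entries with an empty CompanyName are common for legitimate hobby tools, so the "user area" findings need the file's origin confirmed before anything is deleted.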

Re: Chasing something...

Unread postby geniusless » March 1st, 2013, 3:53 pm

OTL Extras logfile created on: 3/1/2013 11:08:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.07% Memory free
6.18 Gb Paging File | 5.00 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 180.50 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.70 Gb Free Space | 57.04% Space Free | Partition Type: NTFS

Computer Name: PUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2910388343-3669961354-4034591298-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2910388343-3669961354-4034591298-1000]
"EnableNotificationsRef" = 2
"EnableNotifications" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2910388343-3669961354-4034591298-1001]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0835CCAC-18F8-4D6F-B3E8-9803EDAD578A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F2A0393-D397-4124-BEC7-11C8A4148298}" = rport=139 | protocol=6 | dir=out | app=system |
"{1378A910-F763-4561-AABA-A002DAB25307}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1827153A-5B65-4811-B18D-14F05E71F6A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1C76BC84-BEE0-400E-9082-21AB7F1C0AF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F5CC4E1-68E7-460A-8EF4-C1C67CEBD5A1}" = lport=138 | protocol=17 | dir=in | app=system |
"{36A4184E-E8C3-43DD-9A50-91D2ADAA4F0F}" = rport=445 | protocol=6 | dir=out | app=system |
"{4342ACB8-6DC8-4A70-878F-65A9641EB96A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4593A59F-1586-4DE3-8932-62C28FDFFC4F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4801BAE4-AD3F-46D4-85D5-DBED2ABB92F2}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{618A5107-0245-4609-8418-86484DCE781B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{6C63E658-B4B6-4190-A5AB-0611EDF53137}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{6D081D80-26CA-44EF-9751-F6E5B5707DF8}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F87030D-CEAF-41A2-81DA-BE70163B9173}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{71696F12-5B01-467A-9FBC-3F7F843AFF3D}" = lport=139 | protocol=6 | dir=in | app=system |
"{7EEB9AAD-4B3A-41FA-BEC2-8AFB4AAFACB2}" = lport=137 | protocol=17 | dir=in | app=system |
"{90AAE4F1-D798-4ADD-A9C8-AFCC9167DCE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{930DDDD0-1C23-4F96-895D-95FB8B98AAB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9AC5383B-41CA-4787-AB82-CFBB45B57A53}" = rport=137 | protocol=17 | dir=out | app=system |
"{A7DE1391-76CB-4E0D-A1C3-FA4F6EA8D312}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A83E957E-45BD-409D-9AFF-69B2180559C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{ACB0A36B-EC8C-42C4-8513-7B856DD0F285}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B836A057-20C4-47C3-BC13-617BCD19EFDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B97D820A-5000-4EE6-83EF-0B13ABEC00E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{C262EEC5-25A3-44BD-8343-DF829D5EBF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CABBC93D-EBD7-4001-9ED9-D6C415D216CC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{CC64D4A1-B59E-4C18-B282-01562EC52B9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E84CF167-2E37-4D75-ABED-A9DBA359D6D2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F47FF8ED-E185-40BB-A819-9B242F8FB44F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FD11321C-95E3-49F8-96C9-912F47617369}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EE8A78-0FC5-41E8-9544-DFC52C003D2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0583048B-26C1-43AC-A93F-DA34B3D1D6A5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08608FF9-1BCC-483F-A729-8CCC3333E29B}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{0C17C687-6269-4EB9-BCA8-DF139C565C34}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{0C5E4AD6-AEC2-4D2E-A998-19A6058171F8}" = protocol=6 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{0EFBC67B-7D28-43CD-A7EB-D0F4F6DA0947}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{14226EA5-185F-400D-ABBC-1A3D2932814A}" = protocol=6 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{14621DFC-5268-4CC3-81D8-23D0D3AE0F0D}" = protocol=6 | dir=in | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{17158FB4-D421-4274-8925-AB51D46BA909}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{188B779E-FCFF-407B-84DD-D4327AE43553}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F5B0588-E774-439F-BE18-0F49940D80EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21C407D9-3242-4B83-82F7-6D628EC59E75}" = protocol=6 | dir=out | app=system |
"{2666C072-2A36-4552-BD73-A7C5A91C66BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{2B1DFA48-96BB-4D34-A02B-C6106237CDE8}" = protocol=6 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{3212851E-3DF9-4269-852A-14AF11FA73B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{403740F4-6C93-4908-8555-69E00221FEA6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{4C8E8E8E-ED4C-4927-B448-AA8C19752F8B}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{4D47062F-F093-4F8C-BBCC-C423A618925D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50D28A1D-EBF9-4A46-9BB3-7741BADB221C}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{5B846F6D-012E-4878-A4B6-AE4062F6508D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{64399AE9-6D54-465B-94C8-D70F37B0826D}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{71037362-9743-4BD2-807E-C3379E3DF48B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71F0E575-CE33-4085-B408-7EC82AD504D3}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{72992C1F-FF18-43C3-8AA2-7B4A51A18264}" = protocol=6 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{7325415F-33DC-4E82-B18B-2016130CBA6B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{78A511B1-8B4E-4818-8C0C-9E6C49952D12}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{92F8B3C6-1DF5-4DC5-A62A-A0A090901643}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{93E45BDD-4306-4833-BE5D-C82FE96C79F1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{95DFDAB3-8B28-4172-9202-AC613010CAFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B0CB0BD-FFC5-423D-945A-10640CE71E99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B80BC01F-A5DA-4301-BA54-BF6B28623920}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C08BBB62-3FA5-4747-9881-5A3798E7774D}" = protocol=17 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{C3957501-48B6-4F8F-818E-481DFF227900}" = protocol=17 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{C50D51C0-5B21-462A-8618-3FC219918765}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{DDA082CE-8A1A-4BFC-9A37-F828CD922833}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{DF336A7D-7682-4D0B-96D7-6CAA191FAB8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E4C589FB-7C4B-45DC-983B-DDDD5DD4F7E7}" = protocol=6 | dir=in | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{F005E791-8091-433A-A260-28EF6F658B4A}" = protocol=17 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{F030B055-7C9D-459F-806F-4A34DBBD3F5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F22EE00F-198E-4327-B2AA-BCFB11711A7E}" = protocol=17 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{F8F2321B-1081-4DE9-B24F-9C09DFFC3E97}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{FAFED064-A825-4249-9584-7B7D3D9C85C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{FF03A88D-EE6D-4670-85E9-71C213432B73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{D915D118-2445-4FA9-A72A-32C705770E69}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4A50488F-FB70-4CCD-AEC6-3BA228F3CED9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
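The Vista firewall exception lists in the OTL Extras log above use one `"name" = key=value | key=value | ... |` line per rule. The script below is an added example for this thread, not part of OTL or of the original post: it turns those lines into records and lists the inbound allow rules, which is what a helper compares against what the owner expects to be reachable. The baseline of ports a `system` rule is normally expected to open (NetBIOS/SMB, UPnP and the RPC placeholders) is this example's own assumption and should be adjusted for the machine under review; the sample lines are copied from the log above.

```python
"""Turn the FirewallRules lines that OTL Extras prints into records and list
the inbound allow rules, so they can be compared with what the owner expects.

Added example for this thread, not part of OTL or of the original post. The
SYSTEM_BASELINE set is this example's own assumption, not a verdict on the log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RULE_LINE = re.compile(r'^"(?P<name>[^"]+)" = (?P<body>.*)$')
PROTO = {"6": "TCP", "17": "UDP", "1": "ICMPv4", "58": "ICMPv6"}
# Assumption: ports the System process is expected to listen on for file and
# printer sharing, UPnP and RPC; any other 'system' inbound port goes on the list.
SYSTEM_BASELINE = {"137", "138", "139", "445", "2869", "rpc", "rpc-epmap"}


@dataclass
class Rule:
    name: str
    fields: Dict[str, str]

    @property
    def direction(self) -> str:
        return self.fields.get("dir", "?")

    @property
    def protocol(self) -> str:
        p = self.fields.get("protocol")
        return PROTO.get(p, p) if p else "any"

    @property
    def local_port(self) -> str:
        return self.fields.get("lport", "any")

    @property
    def principal(self) -> str:
        """Service name if the rule is scoped to a service, else the program,
        else the descriptive name OTL printed (ICMP rules have only that)."""
        return self.fields.get("svc") or self.fields.get("app") or self.fields.get("name", "?")


def parse_rule(line: str) -> Optional[Rule]:
    m = RULE_LINE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, str] = {}
    for part in m["body"].split("|"):
        part = part.strip()
        if "=" in part:                   # the trailing empty part is skipped
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return Rule(m["name"], fields)


def inbound_rules(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(local port, protocol, principal) for every dir=in rule, in log order."""
    out: List[Tuple[str, str, str]] = []
    for line in lines:
        r = parse_rule(line)
        if r and r.direction == "in":
            out.append((r.local_port, r.protocol, r.principal))
    return out


def review_inbound(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Inbound rules a helper usually asks about: program exceptions that open
    every port, and 'system' rules on ports outside the baseline above."""
    findings: List[Tuple[str, str, str, str]] = []
    for port, proto, who in inbound_rules(lines):
        if proto.startswith("ICMP"):
            continue                      # echo-request rules carry no port
        if port == "any":
            findings.append(("app exception, any port", port, proto, who))
        elif who == "system" and port not in SYSTEM_BASELINE:
            findings.append(("system port outside baseline", port, proto, who))
    return findings


# Lines copied from the OTL Extras log above, so the functions run offline.
SAMPLE = [
    r'"{0835CCAC-18F8-4D6F-B3E8-9803EDAD578A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |',
    r'"{1827153A-5B65-4811-B18D-14F05E71F6A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |',
    r'"{4801BAE4-AD3F-46D4-85D5-DBED2ABB92F2}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |',
    r'"{6D081D80-26CA-44EF-9751-F6E5B5707DF8}" = lport=445 | protocol=6 | dir=in | app=system |',
    r'"{CABBC93D-EBD7-4001-9ED9-D6C415D216CC}" = lport=3390 | protocol=6 | dir=in | app=system |',
    r'"{50D28A1D-EBF9-4A46-9BB3-7741BADB221C}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |',
    r'"TCP Query User{D915D118-2445-4FA9-A72A-32C705770E69}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |',
    r'"{0583048B-26C1-43AC-A93F-DA34B3D1D6A5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |',
    r'"{A83E957E-45BD-409D-9AFF-69B2180559C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |',
]

if __name__ == "__main__":
    for kind, port, proto, who in review_inbound(SAMPLE):
        print(f"{kind:30} {proto:6} {port:10} {who}")
```

Feed it the whole "Vista Active Open Ports Exception List" and "Vista Active Application Exception List" blocks together; rules for both live under the same FirewallRules key, so one pass covers them. A listing of inbound rules is only a prompt for questions ("did you set up anything on this port?"), since the firewall rule itself says nothing about whether the program behind it is legitimate.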

Re: Chasing something...

Unread postby geniusless » March 1st, 2013, 3:55 pm

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B55A266C-A47A-4AF5-9768-464AE09F0082}" = Windows Vista Security Guide
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Creative OEM002" = Laptop Integrated Webcam Driver (1.00.10.0320)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.01
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"PC-Doctor for Windows" = Dell Support Center
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2910388343-3669961354-4034591298-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"WinRAR Packages" = WinRAR Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2013 1:37:51 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 3/1/2013 1:38:52 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 3/1/2013 1:41:57 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 3/1/2013 1:47:58 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 3/1/2013 1:47:58 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 3/1/2013 1:49:52 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 3/1/2013 3:00:57 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 3/1/2013 3:02:33 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 3/1/2013 3:04:56 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 3/1/2013 3:04:56 PM | Computer Name = puter | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

[ Broadcom Wireless LAN Events ]
Error - 12/1/2012 4:08:28 PM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 12:08:28, Sat, Dec 01, 12 Error - Unable to gain access to user store


Error - 12/15/2012 5:19:25 PM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 13:19:25, Sat, Dec 15, 12 Error - Unable to gain access to user store


Error - 12/17/2012 7:09:29 PM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 15:09:29, Mon, Dec 17, 12 Error - Unable to gain access to user store


Error - 2/14/2013 8:19:45 AM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 04:19:44, Thu, Feb 14, 13 Error - Unable to gain access to user store


Error - 2/14/2013 8:23:40 AM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 04:23:40, Thu, Feb 14, 13 Error - Unable to gain access to user store


Error - 2/21/2013 3:02:33 AM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 23:02:32, Wed, Feb 20, 13 Error - Unable to gain access to user store


Error - 2/23/2013 5:21:47 PM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 13:21:45, Sat, Feb 23, 13 Error - Unable to gain access to user store


Error - 2/25/2013 2:29:59 AM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 22:29:58, Sun, Feb 24, 13 Error - Unable to gain access to user store


Error - 2/25/2013 2:33:55 AM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 22:33:55, Sun, Feb 24, 13 Error - Unable to gain access to user store


Error - 2/26/2013 8:20:10 PM | Computer Name = puter | Source = WLAN-Tray | ID = 0
Description = 16:20:08, Tue, Feb 26, 13 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 8/26/2009 5:29:13 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 2:18:52 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/1/2013 1:24:54 PM | Computer Name = puter | Source = DCOM | ID = 10005
Description =

Error - 3/1/2013 1:24:54 PM | Computer Name = puter | Source = Service Control Manager | ID = 7009
Description =

Error - 3/1/2013 1:24:54 PM | Computer Name = puter | Source = Service Control Manager | ID = 7000
Description =

Error - 3/1/2013 1:24:54 PM | Computer Name = puter | Source = Service Control Manager | ID = 7009
Description =

Error - 3/1/2013 1:24:54 PM | Computer Name = puter | Source = Service Control Manager | ID = 7000
Description =

Error - 3/1/2013 3:02:36 PM | Computer Name = puter | Source = Service Control Manager | ID = 7000
Description =

Error - 3/1/2013 3:02:36 PM | Computer Name = puter | Source = Service Control Manager | ID = 7000
Description =

Error - 3/1/2013 3:02:36 PM | Computer Name = puter | Source = Service Control Manager | ID = 7000
Description =

Error - 3/1/2013 3:02:36 PM | Computer Name = puter | Source = Service Control Manager | ID = 7000
Description =

Error - 3/1/2013 3:02:36 PM | Computer Name = puter | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Re: Chasing something...

Unread postby geniusless » March 1st, 2013, 11:52 pm

A little add-on. Not sure if this is normal, but there are several new items on my desktop now. Two desktop.ini files, C:\Users\Owner\Desktop\~$urnalz.docx is the next one, and an empty %%appdata%% folder or something; didn't catch it as it all just disappeared as I was looking at them and typing this...

Re: Chasing something...

Unread postby askey127 » March 2nd, 2013, 8:42 am

geniusless,
Don't be concerned about those items on your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 11.0.01 are vulnerable.
Go HERE to download AdbeRdr11001_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category.
Uncheck Automatically trust sites from my Win OS security zones, and under Protected View, click on Files from potentially unsafe locations.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
When it finishes, you can remove the Installer from your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, copy and paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{0720BDDF-9BB4-4361-A99E-B95A0FB45D17}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
    IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={00000000-0000-0000-0000-000000000000}
    IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{1AE34375-5126-4C23-933D-1CC04FE4CF04}: "URL" = http://www.fastbrowsersearch.com/result ... ts.aspx?q= {searchTerms}&c=web&s=DSP&v=18&tid=0
    IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{71B3E426-C693-4100-B559-6AD240803D98}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E50C1642
    
    :Files
    C:\Users\Owner\AppData\Roaming\Ad-Aware Antivirus
    C:\ProgramData\PC-Doctor for Windows
    C:\ProgramData\PCDr
    C:\Users\Owner\AppData\Roaming\PCDr
    C:\Program Files\Search Guard Plus
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The FIX log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
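The OTL fix above is built by hand: the helper reads the scan, picks out the search-scope hijacks, the registry-sideloaded Firefox extension, the BHO/toolbar entries with no CLSID registration, the alternate data streams on C:\ProgramData\TEMP and the driver services whose binary is missing, and pastes those exact lines under :OTL. The script below is an added example, not code from this thread or from OTL, that applies the same triage rules to OTL scan text. The allowlist of acceptable search providers is an assumption to tune per machine; the Bing search scope and the {00000000-...-000000000001} GUID in the sample are constructed so that a benign entry is shown not being flagged, the other sample lines are copied from the scan output in this thread (with the forum-inserted spaces in the URLs removed), and otl_fix_block only lays the flagged lines out in the :Commands/:OTL shape the helper used; a human still reviews it before it goes into OTL's Custom Scans/Fixes box.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: search hosts accepted as legitimate defaults. Any other host in
# an IE SearchScopes entry is reported (ask.com and fastbrowsersearch.com are
# what the helper removed in this thread).
TRUSTED_SEARCH_HOSTS = {"bing.com", "google.com", "yahoo.com"}


@dataclass(frozen=True)
class Finding:
    kind: str     # category: search_scope, ff_extension, orphan_o2/o3, ads, driver_missing
    subject: str  # registry key, file path, stream or service name the finding is about
    reason: str   # why the line was flagged
    line: str     # the original OTL line, reusable verbatim under :OTL in a fix


_SEARCH_SCOPE = re.compile(
    r'^IE - (?P<key>HK[^:]*SearchScopes\\\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)')
_FF_EXT = re.compile(r'^FF - (?P<key>.*Extensions\\\\\{[^}]+\}): (?P<path>.+)$')
_ORPHAN = re.compile(r'^(?P<tag>O[23]) - (?P<key>.+?) - No CLSID value found\.$')
_ADS = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<stream>.+)$')
_DRV_MISSING = re.compile(
    r'^DRV - File not found \[(?P<type>[^|]+)\| (?P<start>[^|]+)\|[^\]]*\] -- '
    r'(?P<path>.+?) -- \((?P<name>[^)]+)\)$')


def search_host(url: str) -> str:
    """Host of a search URL, lower-cased, with a leading 'www.' dropped."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def triage(log_text: str) -> list[Finding]:
    """Return the OTL scan lines a helper would act on, each with its reason."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _SEARCH_SCOPE.match(line):
            host = search_host(m["url"])
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append(Finding("search_scope", m["key"],
                                        f"search provider '{host}' is not an approved default", line))
        elif m := _FF_EXT.match(line):
            findings.append(Finding("ff_extension", m["path"],
                                    "Firefox extension registered through the registry (sideloaded)", line))
        elif m := _ORPHAN.match(line):
            findings.append(Finding("orphan_" + m["tag"].lower(), m["key"],
                                    "BHO/toolbar entry whose CLSID has no class registration", line))
        elif m := _ADS.match(line):
            findings.append(Finding("ads", m["stream"],
                                    f"{m['size']}-byte alternate data stream on a system folder", line))
        elif m := _DRV_MISSING.match(line):
            findings.append(Finding("driver_missing", m["name"],
                                    f"{m['start'].strip()} {m['type'].strip()} service with missing binary {m['path']}",
                                    line))
    return findings


def otl_fix_block(findings: list[Finding]) -> str:
    """Lay the flagged lines out in the :Commands/:OTL shape used in this thread.
    Review the result by hand before pasting it into OTL."""
    body = [":Commands", "[CREATERESTOREPOINT]", "", ":OTL"]
    body += [f.line for f in findings]
    body += ["", ":Commands", "[EMPTYTEMP]"]
    return "\n".join(body)


# Lines copied from the OTL output in this thread, plus one constructed Bing
# search scope and one present (not missing) driver to show what is NOT flagged.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{0720BDDF-9BB4-4361-A99E-B95A0FB45D17}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={00000000-0000-0000-0000-000000000000}
IE - HKU\S-1-5-21-2910388343-3669961354-4034591298-1000\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind:15} {f.subject}\n{'':15} {f.reason}")
    print()
    print(otl_fix_block(triage(SAMPLE_OTL)))
```

Run against the sample it reports seven entries: both non-approved search scopes, the Wajam extension, the two orphaned O2/O3 entries, the ADS and the esgiguard driver stub; the Bing scope and the avast driver pass. The driver rule deliberately flags only "File not found" services, since a present, signed driver is not evidence of anything by itself, and the Firefox rule flags registry-registered extensions regardless of vendor because that registration path is the one adware installers use to bypass the user's consent prompt.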

Re: Chasing something...

Unread postby geniusless » March 2nd, 2013, 3:33 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2910388343-3669961354-4034591298-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0720BDDF-9BB4-4361-A99E-B95A0FB45D17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0720BDDF-9BB4-4361-A99E-B95A0FB45D17}\ not found.
Registry key HKEY_USERS\S-1-5-21-2910388343-3669961354-4034591298-1000\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2910388343-3669961354-4034591298-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1AE34375-5126-4C23-933D-1CC04FE4CF04}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AE34375-5126-4C23-933D-1CC04FE4CF04}\ not found.
Registry key HKEY_USERS\S-1-5-21-2910388343-3669961354-4034591298-1000\Software\Microsoft\Internet Explorer\SearchScopes\{71B3E426-C693-4100-B559-6AD240803D98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71B3E426-C693-4100-B559-6AD240803D98}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\ not found.
File C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2\ deleted successfully.
C:\Windows\system32\npDeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2910388343-3669961354-4034591298-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\ProgramData\TEMP:E50C1642 deleted successfully.
========== FILES ==========
C:\Users\Owner\AppData\Roaming\Ad-Aware Antivirus\Logs\20130222T212729.233763PID816 folder moved successfully.
C:\Users\Owner\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\Owner\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
C:\ProgramData\PC-Doctor for Windows\startmenu folder moved successfully.
C:\ProgramData\PC-Doctor for Windows folder moved successfully.
C:\ProgramData\PCDr\Tonopah folder moved successfully.
C:\ProgramData\PCDr\6032\Tonopah\upload folder moved successfully.
C:\ProgramData\PCDr\6032\Tonopah\manifest\payloads folder moved successfully.
C:\ProgramData\PCDr\6032\Tonopah\manifest folder moved successfully.
C:\ProgramData\PCDr\6032\Tonopah\db folder moved successfully.
C:\ProgramData\PCDr\6032\Tonopah folder moved successfully.
C:\ProgramData\PCDr\6032\software folder moved successfully.
C:\ProgramData\PCDr\6032\smartdata folder moved successfully.
C:\ProgramData\PCDr\6032\performance folder moved successfully.
C:\ProgramData\PCDr\6032\logs folder moved successfully.
C:\ProgramData\PCDr\6032\hardware folder moved successfully.
C:\ProgramData\PCDr\6032\datastore folder moved successfully.
C:\ProgramData\PCDr\6032\AddOnDownloaderCache\zipped folder moved successfully.
C:\ProgramData\PCDr\6032\AddOnDownloaderCache\unzipped folder moved successfully.
C:\ProgramData\PCDr\6032\AddOnDownloaderCache folder moved successfully.
C:\ProgramData\PCDr\6032\AddOnDownloaded folder moved successfully.
C:\ProgramData\PCDr\6032\AddOnContent folder moved successfully.
C:\ProgramData\PCDr\6032 folder moved successfully.
C:\ProgramData\PCDr folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\e09a9323-21c7-4915-922e-8be9d4938a91\appupdaterrules_dell folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\e09a9323-21c7-4915-922e-8be9d4938a91 folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\b0f8a104-3659-4a1c-9a3a-9b123ef03496\appupdaterrules_dell folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\b0f8a104-3659-4a1c-9a3a-9b123ef03496 folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\9e425aca-1313-41cf-93d6-a0f3b91eb195\appupdaterrules_dell folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\9e425aca-1313-41cf-93d6-a0f3b91eb195 folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\41fd8170-b159-46af-80d3-f4ddfd6b15f1\appupdaterrules_dell folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\41fd8170-b159-46af-80d3-f4ddfd6b15f1 folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\3f9f97d7-5b3f-4515-9b70-928b90b9533d\appupdaterrules_dell folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\3f9f97d7-5b3f-4515-9b70-928b90b9533d folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\27138fce-3ac7-4764-aaf5-81cf5124aca3\appupdaterrules_dell folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules\27138fce-3ac7-4764-aaf5-81cf5124aca3 folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Rules folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Logs folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update\Binaries folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Update folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Installer\Logs folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr\Installer folder moved successfully.
C:\Users\Owner\AppData\Roaming\PCDr folder moved successfully.
C:\Program Files\Search Guard Plus folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Owner

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Owner
->Flash cache emptied: 205492 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users
->Temp folder emptied: 0 bytes

User: Default
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temporary Internet Files folder emptied: 750346409 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500407 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 216659485 bytes
RecycleBin emptied: 49009888 bytes

Total Files Cleaned = 970.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03022013_111611

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Chasing something...

Unread postby askey127 » March 3rd, 2013, 8:12 am

geniusless,
That looks good.
Did you run the Quick Scan and get a new version of OTL.txt per the last part of the instruction?

askey127

Re: Chasing something...

Unread postby geniusless » March 3rd, 2013, 2:47 pm

OTL logfile created on: 3/3/2013 10:32:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.90% Memory free
6.18 Gb Paging File | 5.07 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 180.96 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.70 Gb Free Space | 57.04% Space Free | Partition Type: NTFS

Computer Name: PUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/01 11:04:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/02/20 21:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/02 12:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 15:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 13:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2006/09/08 14:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/20 21:23:44 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll
MOD - [2013/02/20 21:23:42 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
MOD - [2013/02/20 21:22:48 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll
MOD - [2013/02/13 23:48:07 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/02/13 20:30:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013/01/24 23:39:43 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\295bceb25b989b5e5db8a70cbbb42853\IAStorUtil.ni.dll
MOD - [2013/01/24 23:39:43 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\781904ca0923a7ddaabf182f17663e96\IAStorCommon.ni.dll
MOD - [2013/01/24 23:37:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/24 23:36:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013/01/24 23:36:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/24 23:36:15 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/24 23:35:07 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll
MOD - [2013/01/24 23:35:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/24 23:34:55 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2007/10/09 19:18:12 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - [2013/02/26 18:24:03 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/14 09:59:14 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/04/10 22:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/02/26 13:10:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/02/15 22:34:18 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/06 17:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\xaudio.sys -- (XAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/02/22 13:27:30 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/04/02 15:00:12 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 15:00:08 | 000,052,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 15:00:00 | 000,142,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/02/15 22:34:18 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/06/25 17:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/06 17:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/20 01:00:00 | 000,234,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=465&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4B26DEFC-8C40-42C7-8309-AE629A7B3854}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=465&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm