OTL logfile created on: 3/3/2013 10:32:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0
C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.90% Memory free
6.18 Gb Paging File | 5.07 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 180.96 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.70 Gb Free Space | 57.04% Space Free | Partition Type: NTFS
Computer Name: PUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/01 11:04:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/02/20 21:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/02 12:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 15:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 13:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2006/09/08 14:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/20 21:23:44 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll
MOD - [2013/02/20 21:23:42 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
MOD - [2013/02/20 21:22:48 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll
MOD - [2013/02/13 23:48:07 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/02/13 20:30:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013/01/24 23:39:43 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\295bceb25b989b5e5db8a70cbbb42853\IAStorUtil.ni.dll
MOD - [2013/01/24 23:39:43 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\781904ca0923a7ddaabf182f17663e96\IAStorCommon.ni.dll
MOD - [2013/01/24 23:37:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/24 23:36:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013/01/24 23:36:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/24 23:36:15 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/24 23:35:07 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll
MOD - [2013/01/24 23:35:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/24 23:34:55 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2007/10/09 19:18:12 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
========== Services (SafeList) ==========
SRV - [2013/02/26 18:24:03 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/14 09:59:14 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/04/10 22:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/02/26 13:10:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/02/15 22:34:18 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/06 17:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\xaudio.sys -- (XAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/02/22 13:27:30 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/04/02 15:00:12 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 15:00:08 | 000,052,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 15:00:00 | 000,142,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/02/15 22:34:18 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/06/25 17:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/06 17:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/20 01:00:00 | 000,234,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4B26DEFC-8C40-42C7-8309-AE629A7B3854}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2010/10/08 15:11:06 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1
O1 - Hosts: ::1
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03F3AC55-7682-499F-BBAB-B01BF71466CF}: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F0A8F20-B48E-4425-A7C7-C6C1438FC199}: DhcpNameServer = 192.168.1.1 184.16.33.54
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (X2嘀 蘁 獭ㅶた搮 汬) - File not found
O30 - LSA: Security Packages - (>뻯 ẵ ẵ&) - File not found
O30 - LSA: Security Packages - (��) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/02 11:16:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/02 11:16:11 | 000,000,000 | ---D | C] -- \_OTL
[2013/03/01 11:04:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/02/28 19:47:03 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/02/26 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/02/26 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2013/02/25 22:35:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2013/02/25 22:20:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2013/02/25 10:09:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2013/02/22 13:28:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\LavasoftStatistics
[2013/02/22 13:27:30 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/02/22 13:27:30 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/20 21:17:36 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/02/20 21:17:36 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/02/20 21:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/20 21:17:35 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/02/20 21:17:35 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/02/20 21:17:35 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/02/20 21:17:33 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/02/20 21:16:44 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/20 21:16:43 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/02/20 21:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/20 21:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/20 19:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/20 19:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/02/19 11:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\AntiLogger
[2013/02/14 13:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013/02/14 13:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013/02/14 10:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/02/14 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2013/02/14 10:48:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/02/14 10:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/02/14 10:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/14 01:26:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2013/02/14 01:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2013/02/14 01:22:18 | 000,000,000 | ---D | C] -- C:\temp
[2013/02/14 01:22:18 | 000,000,000 | ---D | C] -- \temp
[2013/02/14 01:10:25 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache
[2013/02/14 01:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVerMedia
[2013/02/13 23:03:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Battlefield 1942
[2013/02/13 21:45:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2013/02/13 21:45:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/02/13 21:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/02/13 21:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/02/13 21:45:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/02/13 21:24:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Origin
[2013/02/13 21:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/02/13 21:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/02/12 15:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/12 14:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\FGIcon
[2013/02/12 14:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/03 10:40:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9DE2A930-5BF7-466C-A033-6CDC69CE178C}.job
[2013/03/03 10:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/03 10:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/03 09:28:08 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/03 09:28:08 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/03 09:21:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/02 11:28:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/02 11:02:41 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/01 11:04:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/02/28 19:47:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/02/26 18:09:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/02/25 23:27:32 | 000,000,359 | ---- | M] () -- C:\Users\Owner\Desktop\Downloads.lnk
[2013/02/25 16:14:39 | 000,269,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/25 10:23:41 | 000,000,250 | ---- | M] () -- C:\WirelessDiagLog.csv
[2013/02/24 12:03:26 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/22 13:27:30 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/02/22 13:27:30 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/21 18:24:27 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/02/21 17:17:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/02/21 14:20:58 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/21 14:20:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/14 11:31:28 | 000,000,297 | ---- | M] () -- C:\Users\Owner\Desktop\puter.lnk
[2013/02/14 10:55:03 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl
[2013/02/14 01:20:18 | 003,892,272 | ---- | M] () -- C:\Users\Owner\Desktop\run this with battery in.exe
[2013/02/13 20:58:30 | 000,657,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/13 20:58:30 | 000,122,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/11 21:23:40 | 000,023,125 | ---- | M] () -- C:\Windows\hpqins15.dat
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/02 11:02:28 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/02 11:02:26 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/26 18:09:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/02/25 23:27:32 | 000,000,359 | ---- | C] () -- C:\Users\Owner\Desktop\Downloads.lnk
[2013/02/25 10:29:53 | 000,744,740 | ---- | C] () -- C:\Windows\System32\oem21.inf
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2013/02/20 21:17:37 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/14 11:31:28 | 000,000,297 | ---- | C] () -- C:\Users\Owner\Desktop\puter.lnk
[2013/02/14 10:29:27 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2013/02/14 01:20:18 | 003,892,272 | ---- | C] () -- C:\Users\Owner\Desktop\run this with battery in.exe
[2013/02/11 21:22:43 | 000,023,125 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/11/27 11:06:02 | 000,013,030 | ---- | C] () -- \PDOXUSRS.NET
[2008/10/12 22:18:10 | 000,000,164 | ---- | C] () -- \install.dat
[2008/07/30 22:58:27 | 000,000,250 | ---- | C] () -- \WirelessDiagLog.csv
[2008/04/18 01:45:26 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/04/18 00:22:52 | 000,024,227 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/04/17 16:39:05 | 000,000,240 | ---- | C] () -- C:\Users\Owner\Window Switcher.lnk
[2008/04/15 16:57:51 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/03/04 16:55:40 | 000,004,622 | RH-- | C] () -- \dell.sdr
[2008/03/04 15:19:18 | 000,021,469 | ---- | C] () -- \newkey
[2008/03/04 15:19:18 | 000,021,469 | ---- | C] () -- \newfile.enc
[2008/02/03 15:06:57 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 02:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 22:25:08 | 000,000,010 | ---- | C] () -- \config.sys
========== ZeroAccess Check ==========
[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/02/13 21:45:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2009/02/13 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
[2010/11/27 11:01:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/01/30 01:58:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin
[2013/02/13 22:06:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
[2009/01/11 01:56:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ParetoLogic
[2008/06/08 01:29:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2013/02/14 10:48:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2012/09/26 21:01:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2008/05/27 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >