Can not install Firefox [Solved]

100% CPU usage all the time


#1 sLeven7

Posted 27 December 2013 - 09:00 AM

I have no idea what is wrong with this box. It runs slow, the CPU will peg at 100% use even after I close everything. I tried installing Firefox and it refuses to comply.

I ran HijackThis but it had several error messages while running, so I'm including the OTL report also.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:40:49 AM, on 12/27/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...3-7C041980242E}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\8.5\iobitToolbarIE.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\8.5\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: FCTBPos00Pos - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\8.5\iobitToolbarIE.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1303355271703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1303355917984
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
--
End of file - 7526 bytes

OTL logfile created on: 12/27/2013 9:48:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Joe's Toy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 59.39% Memory free
5.72 Gb Paging File | 4.87 Gb Available in Paging File | 85.13% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 32.57 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
 
Computer Name: MIRANDA-243875E | User Name: Joe's Toy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll ()
MOD - C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (WiseBootAssistant) -- C:\Program Files\Wise\Wise Care 365\BootTime.exe (WiseCleaner.com)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...3-7C041980242E}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 BF DA 66 68 02 CF 01  [binary data]
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\8.5\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
 
[2011/04/06 15:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/07 11:33:13 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/06/22 03:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Entanglement Web App = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Bejeweled = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0\
CHR - Extension: YouTube = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Spotify - Music for every moment = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Panda Poet = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\daicmhhkdcccfobnkidlhnieapcikadf\6_0\
CHR - Extension: WOT Safe Search = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0\
CHR - Extension: Hearts Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoogbeipinlfnddcoinniofcocmnbjf\1.1.0.0_0\
CHR - Extension: Hearts Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoogbeipinlfnddcoinniofcocmnbjf\1.1.0.0_0\~
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Flixster = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: Flood-It! = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
CHR - Extension: elRTE - HTML edit = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokleipfjbnpkdlfaebfamgadpleagie\0.1_0\
CHR - Extension: Isoball 3 = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.4.0_0\
CHR - Extension: ShopAtHome.com extension = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.9.2_0\
CHR - Extension: Spades Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inefjfgppchlmgbchcebphkbnaligfdo\1.1.0.0_0\
CHR - Extension: Spades Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inefjfgppchlmgbchcebphkbnaligfdo\1.1.0.0_0\~
CHR - Extension: Sudoku = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jknjmdhcdfnhedcghbjbklllbliheppm\1.0.1_0\
CHR - Extension: Tab Activate = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlmadbnpnnolpaljadgakjilggigioaj\1.2.8_0\
CHR - Extension: StumbleUpon = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.12.2.3_0\
CHR - Extension: SparkChess 6 = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.4.5.1_0\
CHR - Extension: Popup HTML Editor = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0\
CHR - Extension: Sumon = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nddpmdmpdcbnnkjfplckngdkhhmmbjaf\1.0.0.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Auto Refresh Plus = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.23_0\
CHR - Extension: Sinuous = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Type Fu = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk\3.6.3_0\
 
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\8.5\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\8.5\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1303355271703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1303355917984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{776F9E9B-B668-41E2-A39E-9C86CB86334C}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/27 09:46:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe
[2013/12/27 09:36:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
[2013/12/26 15:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
[2013/12/26 15:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Adobe
[2013/12/26 15:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Desktop\Adobe Photoshop Elements 10
[2013/12/26 14:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Autodesk
[2013/12/26 14:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alias
[2013/12/26 14:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Autodesk
[2013/12/26 14:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013/12/26 14:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\Downloads
[2013/12/26 14:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Chrome Apps
[2013/12/26 14:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
[2013/12/26 14:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google
[2013/12/26 14:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Deployment
[2013/12/26 13:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/12/26 13:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Macromedia
[2013/12/26 13:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Adobe
[2013/12/26 13:29:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\PrivacIE
[2013/12/26 13:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\FCTB000060231
[2013/12/26 13:25:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\Recent
[2013/12/26 13:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Sun
[2013/12/26 13:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Sun
[2013/12/26 13:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\IObit
[2013/12/26 13:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Search Settings
[2013/12/26 13:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Identities
[2013/12/26 13:01:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\My Music
[2013/12/26 13:01:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\My Pictures
[2013/12/26 13:01:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\IETldCache
[2013/12/26 12:58:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft
[2013/12/26 12:58:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\Application Data
[2013/12/26 12:58:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Favorites
[2013/12/26 12:58:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\Cookies
[2013/12/26 12:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Desktop
[2013/12/26 12:58:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents
[2013/12/26 12:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings
[2013/12/26 12:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Microsoft
[2013/12/26 12:58:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\SendTo
[2013/12/26 12:58:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\PrintHood
[2013/12/26 12:58:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\NetHood
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Startup
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Accessories
[2013/12/26 12:58:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\Templates
[2013/12/26 09:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2013/12/26 09:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013/12/26 09:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2013/12/24 13:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TechSmith
[2013/12/24 13:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2013/12/23 17:48:28 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/12/23 17:48:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2013/12/23 17:48:16 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2013/12/23 17:48:02 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013/12/20 17:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/27 09:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe
[2013/12/27 09:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/27 09:36:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
[2013/12/27 09:20:42 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/27 09:20:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/27 09:11:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/27 09:10:53 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/27 09:10:45 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/27 09:10:35 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365.job
[2013/12/27 09:10:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/27 09:09:52 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/27 09:00:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003UA.job
[2013/12/27 07:07:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003UA.job
[2013/12/27 07:00:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003Core.job
[2013/12/27 01:00:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365 PC Checkup Task.job
[2013/12/26 19:07:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003Core.job
[2013/12/26 15:15:18 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 10.lnk
[2013/12/26 14:28:54 | 000,001,886 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:28:54 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:13:45 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2013/12/26 13:33:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/12/26 13:25:54 | 000,020,514 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\My Documents\cc_20131226_132542.reg
[2013/12/26 13:01:46 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 13:01:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/12/26 04:48:26 | 000,494,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/26 04:48:26 | 000,085,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/25 19:14:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/20 17:12:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Inkscape.lnk
[2013/12/10 20:37:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/10 20:37:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/12/26 15:22:50 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Help.lnk
[2013/12/26 15:15:18 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2013/12/26 15:15:18 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 10.lnk
[2013/12/26 14:28:54 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:28:54 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:13:45 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/26 14:13:45 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2013/12/26 14:10:39 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 14:10:39 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/26 13:43:15 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/26 13:33:16 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/12/26 13:25:49 | 000,020,514 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\My Documents\cc_20131226_132542.reg
[2013/12/26 13:01:46 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 13:01:46 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Internet Explorer.lnk
[2013/12/26 13:01:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/12/26 12:58:47 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Remote Assistance.lnk
[2013/12/26 12:58:47 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Windows Media Player.lnk
[2013/12/20 17:12:32 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Inkscape.lnk
[2013/12/20 17:12:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Inkscape.lnk
[2012/09/21 14:08:36 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/09/21 14:08:36 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/09/21 14:08:36 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2012/09/21 13:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/02/14 19:07:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/06/24 02:30:46 | 000,104,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
 
========== ZeroAccess Check ==========
 
[2011/04/20 21:47:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/12/26 14:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alias
[2013/01/13 11:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canon IJ Network Tool
[2011/05/08 08:56:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2013/01/13 11:50:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonEPP
[2013/01/13 11:50:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJEPPEX2
[2013/01/13 11:50:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJMyPrinter
[2013/12/09 11:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJPLM
[2013/01/13 11:50:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJSolutionMenuEX
[2013/01/13 11:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJWSpt
[2013/03/19 15:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
[2011/11/19 08:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2012/01/01 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
[2013/12/26 15:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
[2013/12/26 14:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe's Toy\Application Data\Autodesk
[2013/12/26 13:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe's Toy\Application Data\FCTB000060231
[2013/12/26 13:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe's Toy\Application Data\IObit
[2013/12/26 13:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe's Toy\Application Data\Search Settings
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EX_  >
[2004/08/04 06:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\i386\EXPLORER.EX_
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: EXPLORER.HTM  >
[2005/01/19 17:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\de\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 17:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\es\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 17:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\fr\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2003/09/15 13:06:02 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 17:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\it\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 17:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\ja\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 17:26:42 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\ko\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 17:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\pt-BR\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 17:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\zh-CHS\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 17:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\zh-CHT\Help\wwhelp\wwhimpl\java\html\explorer.htm
 
< MD5 for: EXPLORER.SC_  >
[2004/08/04 06:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\i386\EXPLORER.SC_
 
< MD5 for: EXPLORER.SCF  >
[2004/08/04 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
 
< MD5 for: IEXPLORE.CHM  >
[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/04 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\i386\iexplore.chm
[2004/08/04 07:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm
 
< MD5 for: IEXPLORE.EX_  >
[2004/08/04 06:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\i386\IEXPLORE.EX_
 
< MD5 for: IEXPLORE.EXE  >
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2004/08/04 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie8\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
 
< MD5 for: IEXPLORE.HLP  >
[2004/08/04 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\i386\iexplore.hlp
[2004/08/04 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
 
< MD5 for: SERVICES  >
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/04 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.CSS  >
[2009/09/08 11:39:44 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
 
< MD5 for: SERVICES.INI  >
[2009/09/08 11:39:44 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
 
< MD5 for: SERVICES.LNK  >
[2011/04/20 21:23:52 | 000,001,602 | ---- | M] () MD5=7D42AB9F7B3E1E6BC343F688E6415021 -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Services.lnk
[2010/01/30 09:51:40 | 000,001,602 | ---- | M] () MD5=EFB70A32D00A028A0F5A9276D7CFAEC4 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/04 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< %SYSTEMDRIVE%\*.* >
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/03/08 13:21:04 | 000,000,320 | -HS- | M] () -- C:\boot.ini
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013/08/15 05:52:33 | 000,000,000 | ---- | M] () -- C:\Cookies
[2008/01/15 21:24:24 | 000,006,483 | RH-- | M] () -- C:\dell.sdr
[2010/06/05 11:10:34 | 000,000,084 | ---- | M] () -- C:\EventLOG.txt
[2011/04/20 20:25:40 | 2011,213,824 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/23 20:37:53 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/12/11 15:30:28 | 000,019,292 | ---- | M] () -- C:\logfile
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/04 15:39:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/12/27 09:09:50 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys
[2006/12/05 19:52:06 | 000,000,505 | ---- | M] () -- C:\unPDVDDX.iss
 
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2011/04/20 21:23:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/04/24 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
[2011/05/23 05:00:00 | 000,029,184 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDAT.DLL
[2010/04/24 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
[2011/05/23 05:00:00 | 000,083,968 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPAT.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2011/04/20 23:29:25 | 000,000,005 | ---- | M] () -- C:\Program Files\eula.txt
[2011/04/20 23:28:36 | 000,000,014 | ---- | M] () -- C:\Program Files\version.txt
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is D0C7-26A3
 Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/09/2013  02:22 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/09/2013  02:22 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
12/26/2013  04:48 AM    <JUNCTION>     v4.0_4.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
12/26/2013  04:44 AM    <JUNCTION>     v4.0_4.0.0.0__31bf3856ad364e35
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               4 Dir(s)  34,947,026,944 bytes free
 
< %systemroot%\System32\config\*.sav >
[2011/04/20 16:56:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/04/20 16:56:57 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/04/20 16:56:57 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/04/21 11:44:23 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/12/26 13:01:46 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2013/12/26 13:01:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
[2013/12/27 09:36:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
[2013/12/27 09:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-12-26 09:56:49
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1638 bytes -> C:\WINDOWS\System32\drivers\gycvgqdo.sys:changelist
 
< End of report >
 
OTL Extras logfile created on: 12/27/2013 9:48:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Joe's Toy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 59.39% Memory free
5.72 Gb Paging File | 4.87 Gb Available in Paging File | 85.13% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 32.57 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
 
Computer Name: MIRANDA-243875E | User Name: Joe's Toy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"57663:TCP" = 57663:TCP:*:Enabled:Pando Media Booster
"57663:UDP" = 57663:UDP:*:Enabled:Pando Media Booster
"58758:TCP" = 58758:TCP:*:Enabled:Pando Media Booster
"58758:UDP" = 58758:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881
"57663:TCP" = 57663:TCP:*:Enabled:Pando Media Booster
"57663:UDP" = 57663:UDP:*:Enabled:Pando Media Booster
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management 
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
"58758:TCP" = 58758:TCP:*:Enabled:Pando Media Booster
"58758:UDP" = 58758:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe" = C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe:*:Enabled:Dogpile Bundle Toolbar (Helper) -- (FreeCause Inc.)
"C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe" = C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe:*:Enabled:Dogpile Bundle Toolbar (Update) -- (FreeCause Inc.)
"C:\Documents and Settings\Miranda.MIRANDA-243875E\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Miranda.MIRANDA-243875E\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\Miranda.MIRANDA-243875E\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Miranda.MIRANDA-243875E\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{34CBACD3-040E-43D6-86C1-9FBE44B180BF}" = Autodesk SketchBook Express 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1" = Windows Movie Maker 6.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76FC33A8-2D83-439B-9C1B-09CDE10A555F}" = IObit Toolbar v8.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.25
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Akamai" = Akamai NetSession Interface Service
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon MG5300 series User Registration" = Canon MG5300 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Defraggler" = Defraggler
"Device Doctor_is1" = Device Doctor v2.1
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"Grand Fantasia" = Grand Fantasia
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Search Toolbar" = Search Toolbar
"Speccy" = Speccy
"SynTPDeinstKey" = Dell Touchpad
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.77
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.66
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/21/2013 6:44:25 PM | Computer Name = MIRANDA-243875E | Source = Chrome | ID = 1
Description = 
 
Error - 11/22/2013 7:28:27 PM | Computer Name = MIRANDA-243875E | Source = Chrome | ID = 1
Description = 
 
Error - 12/4/2013 2:10:36 AM | Computer Name = MIRANDA-243875E | Source = Google Update | ID = 20
Description = 
 
Error - 12/8/2013 2:40:40 AM | Computer Name = MIRANDA-243875E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd,
 P4 11.1.4501.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 12/13/2013 2:37:23 AM | Computer Name = MIRANDA-243875E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x8007066f, P2 patchapplication, P3 am bdd,
 P4 11.1.4501.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 12/25/2013 8:36:01 PM | Computer Name = MIRANDA-243875E | Source = Chrome | ID = 1
Description = 
 
Error - 12/26/2013 10:07:33 AM | Computer Name = MIRANDA-243875E | Source = Google Update | ID = 20
Description = 
 
Error - 12/26/2013 10:14:09 AM | Computer Name = MIRANDA-243875E | Source = Google Update | ID = 20
Description = 
 
Error - 12/26/2013 2:33:13 PM | Computer Name = MIRANDA-243875E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.4.304.0,
 P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 12/26/2013 2:33:19 PM | Computer Name = MIRANDA-243875E | Source = Microsoft Security Client | ID = 5000
Description = 
 
[ System Events ]
Error - 12/26/2013 1:53:28 PM | Computer Name = MIRANDA-243875E | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 12/26/2013 1:53:30 PM | Computer Name = MIRANDA-243875E | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 12/26/2013 1:53:33 PM | Computer Name = MIRANDA-243875E | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 12/26/2013 1:53:35 PM | Computer Name = MIRANDA-243875E | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 12/26/2013 2:00:58 PM | Computer Name = MIRANDA-243875E | Source = Service Control Manager | ID = 7022
Description = The Pure Networks Platform Service service hung on starting.
 
Error - 12/26/2013 2:00:58 PM | Computer Name = MIRANDA-243875E | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 12/26/2013 3:05:51 PM | Computer Name = MIRANDA-243875E | Source = Service Control Manager | ID = 7022
Description = The Pure Networks Platform Service service hung on starting.
 
Error - 12/26/2013 3:05:51 PM | Computer Name = MIRANDA-243875E | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 12/27/2013 10:12:47 AM | Computer Name = MIRANDA-243875E | Source = Service Control Manager | ID = 7022
Description = The Pure Networks Platform Service service hung on starting.
 
Error - 12/27/2013 10:17:03 AM | Computer Name = MIRANDA-243875E | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
  It has done this 1 time(s).
 
 
< End of report >
 
 
 

Ask, and you shall receive.



#2 OCD

Posted 27 December 2013 - 11:16 AM

Hi sLeven7,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Important Note for Vista and Windows 7 & 8 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

Please stay with this topic until I let you know that your system appears to be "All Clear"

=========================

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================



1.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 59.39% Memory free

You appear to have a limited amount of RAM (random access memory) installed on this computer. That may be contributing to the CPU working extra hard to keep up with the tasks you are trying to accomplish.

You have quite a few toolbars installed. Do you use them all? Toolbars are generally third party add-ons that do not really enhance your computer's ability to function at its desired level. The more toolbars you run, the more resources you potentially don't have for other tasks.

In your next post please provide the following:

  • AdwCleaner[S0].txt
  • aswMBR.txt
  • attach MBR.dat
  • Feedback on my comments above.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 sLeven7

Posted 27 December 2013 - 01:02 PM

Hi OCD, thanks for helping.

This machine is 5-7 years old, and 2G of RAM is all it will support; it's maxed out. I keep a watch with the task manager and so far memory has not been a limiting resource, in that I have never seen it close to being maxed out.

As far as the toolbars, I think they are installed on Internet Explorer, which I do not use; I use either Chrome or Firefox for almost everything. If I'm installing something from Microsoft it sometimes requires me to use IE. If somehow they are using resources without IE being used, just tell me how to uninstall them.

 Results of screen317's Security Check version 0.99.77  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Wise Disk Cleaner 7.77  
 Wise Registry Cleaner 7.66  
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-27 13:20:32
-----------------------------
13:20:32.171    OS Version: Windows 5.1.2600 Service Pack 3
13:20:32.171    Number of processors: 1 586 0x7C02
13:20:32.171    ComputerName: MIRANDA-243875E  UserName: Joe's Toy
13:20:33.109    Initialize success
13:26:56.703    AVAST engine defs: 13122700
13:35:27.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:35:27.843    Disk 0 Vendor: ST980811AS 3.CDE Size: 76319MB BusType: 3
13:35:27.968    Disk 0 MBR read successfully
13:35:27.984    Disk 0 MBR scan
13:35:28.062    Disk 0 Windows XP default MBR code
13:35:28.093    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76230 MB offset 176715
13:35:28.171    Disk 0 scanning sectors +156296385
13:35:28.484    Disk 0 scanning C:\WINDOWS\system32\drivers
13:35:55.796    Service scanning
13:36:16.406    Service MpKsl748327bc c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{274E15AA-A94C-43FC-B4F1-A1E7ACCDCA8F}\MpKsl748327bc.sys **LOCKED** 32
13:36:36.968    Modules scanning
13:36:44.296    Disk 0 trace - called modules:
13:36:44.421    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
13:36:44.437    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d21ab8]
13:36:44.437    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89cc6d98]
13:36:44.875    AVAST engine scan C:\WINDOWS
13:36:49.359    AVAST engine scan C:\WINDOWS\system32
13:42:24.625    AVAST engine scan C:\WINDOWS\system32\drivers
13:42:53.640    AVAST engine scan C:\Documents and Settings\Joe's Toy
13:46:33.203    AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
13:56:56.453    Scan finished successfully
13:58:37.765    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Joe's Toy\Desktop\MBR.dat"
13:58:37.781    The log file has been saved successfully to "C:\Documents and Settings\Joe's Toy\Desktop\aswMBR.txt"
 
 
 
 

 

 

 

 

 



#4 OCD

Posted 27 December 2013 - 02:06 PM

Hi sLeven7,
 

Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)

As you can see your hard drive is quite fragmented. Let's defrag the hard drive and see if that improves the performance any.

Disk Defragmenter for XP

  • Open My Computer.
  • Right-click the local disk volume that you want to defragment, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.

=========================

Reboot

=========================

Please download AdwCleaner by Xplode and save to your Desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of all log files is saved in the C:\AdwCleaner folder which was created when running the tool.

=========================

In your next post please provide the following:

  • AdwCleaner[R0].txt
  • How is the computer running at the moment?

OCD



#5 sLeven7

Posted 28 December 2013 - 09:38 AM

It seems to be responding a bit better after the defrag. Still will not install Firefox. Sketchbook doesn't recognize the tablet.

I looked through the AdwCleaner report and saw nothing that I would want to keep.

# AdwCleaner v3.016 - Report created 28/12/2013 at 10:04:24
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Joe's Toy - MIRANDA-243875E
# Running from : C:\Documents and Settings\Joe's Toy\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : Application Updater
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files\Mozilla Firefox\.autoreg
Folder Found C:\Documents and Settings\Joe's Toy\Application Data\Search Settings
Folder Found C:\Program Files\Application Updater
Folder Found C:\Program Files\Common Files\Spigot
Folder Found C:\Program Files\Dogpile Bundle Toolbar
Folder Found C:\Program Files\Search Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\Software\Search Settings
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.bigseekpro.com/solidyoutube/{0C37CB27-0145-4DB7-8973-7C041980242E}
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7803 octets] - [28/12/2013 10:04:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7863 octets] ##########


#6 OCD

Posted 28 December 2013 - 11:42 AM

Hi sLeven7,
 

Still will not install Firefox.

Did you have Firefox installed previously?
 

Sketchbook doesn't recognize the tablet.

Can you explain what Sketchbook is?

=========================
 

I looked through the AdwCleaner report and saw nothing that I would want to keep.


Re-run AdwCleaner

It should be on your desktop
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Reboot

=========================

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • AdwCleaner[S0].txt
  • Fresh OTL.txt
  • Answers to questions asked.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#7 sLeven7


Posted 28 December 2013 - 02:35 PM

No it will not install Firefox.  This computer was re-installed with Windows XP about two and a half years ago and the girl that has been using it said she never installed Firefox.  I saw some FF files in the OTL report, maybe the install program did that before it quit working.

 

Sketchbook is a program for graphic artists, Autodesk Sketchbook Pro is the full name.  The tablet is a graphic tablet, about 7x10 with a stylus that acts like a brush while running Sketchbook.  You draw on the tablet and it shows your stroke while in SB.  That is the way it works on my daughter's Windows 7 machine.  This computer running XP recognizes the tablet but Sketchbook does not see the tablet.

 

I'm seriously considering re-installing XP if this clean up does not fix the issue.

 

 

 OTL logfile created on: 12/28/2013 3:09:02 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Joe's Toy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 78.83% Memory free
5.72 Gb Paging File | 5.46 Gb Available in Paging File | 95.48% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 32.39 Gb Free Space | 43.51% Space Free | Partition Type: NTFS
 
Computer Name: MIRANDA-243875E | User Name: Joe's Toy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe (IObit)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (WiseBootAssistant) -- C:\Program Files\Wise\Wise Care 365\BootTime.exe (WiseCleaner.com)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 BF DA 66 68 02 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
 
[2011/04/06 15:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/07 11:33:13 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/06/22 03:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Entanglement Web App = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Bejeweled = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0\
CHR - Extension: YouTube = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Spotify - Music for every moment = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Panda Poet = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\daicmhhkdcccfobnkidlhnieapcikadf\6_0\
CHR - Extension: WOT Safe Search = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0\
CHR - Extension: Hearts Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoogbeipinlfnddcoinniofcocmnbjf\1.1.0.0_0\
CHR - Extension: Hearts Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoogbeipinlfnddcoinniofcocmnbjf\1.1.0.0_0\~
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Flixster = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: Flood-It! = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
CHR - Extension: elRTE - HTML edit = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokleipfjbnpkdlfaebfamgadpleagie\0.1_0\
CHR - Extension: Isoball 3 = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.4.0_0\
CHR - Extension: ShopAtHome.com extension = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.9.2_0\
CHR - Extension: Spades Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inefjfgppchlmgbchcebphkbnaligfdo\1.1.0.0_0\
CHR - Extension: Spades Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inefjfgppchlmgbchcebphkbnaligfdo\1.1.0.0_0\~
CHR - Extension: Sudoku = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jknjmdhcdfnhedcghbjbklllbliheppm\1.0.1_0\
CHR - Extension: Tab Activate = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlmadbnpnnolpaljadgakjilggigioaj\1.2.8_0\
CHR - Extension: StumbleUpon = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.12.2.3_0\
CHR - Extension: SparkChess 6 = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.4.5.1_0\
CHR - Extension: Popup HTML Editor = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0\
CHR - Extension: Sumon = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nddpmdmpdcbnnkjfplckngdkhhmmbjaf\1.0.0.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Auto Refresh Plus = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.23_0\
CHR - Extension: Sinuous = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Type Fu = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk\3.6.3_0\
 
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1303355271703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1303355917984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{776F9E9B-B668-41E2-A39E-9C86CB86334C}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/28 10:04:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/28 09:38:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\Recent
[2013/12/27 21:16:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Administrative Tools
[2013/12/27 13:15:23 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Joe's Toy\Desktop\aswMBR.exe
[2013/12/27 09:46:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe
[2013/12/27 09:36:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
[2013/12/26 15:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
[2013/12/26 15:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Adobe
[2013/12/26 15:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Desktop\Adobe Photoshop Elements 10
[2013/12/26 14:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Autodesk
[2013/12/26 14:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alias
[2013/12/26 14:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Autodesk
[2013/12/26 14:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013/12/26 14:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\Downloads
[2013/12/26 14:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Chrome Apps
[2013/12/26 14:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
[2013/12/26 14:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google
[2013/12/26 14:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Deployment
[2013/12/26 13:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/12/26 13:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Macromedia
[2013/12/26 13:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Adobe
[2013/12/26 13:29:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\PrivacIE
[2013/12/26 13:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\FCTB000060231
[2013/12/26 13:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Sun
[2013/12/26 13:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Sun
[2013/12/26 13:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\IObit
[2013/12/26 13:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Identities
[2013/12/26 13:01:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\My Music
[2013/12/26 13:01:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\My Pictures
[2013/12/26 13:01:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\IETldCache
[2013/12/26 12:58:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft
[2013/12/26 12:58:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\Application Data
[2013/12/26 12:58:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Favorites
[2013/12/26 12:58:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\Cookies
[2013/12/26 12:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Desktop
[2013/12/26 12:58:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents
[2013/12/26 12:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings
[2013/12/26 12:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Microsoft
[2013/12/26 12:58:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\SendTo
[2013/12/26 12:58:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\PrintHood
[2013/12/26 12:58:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\NetHood
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Startup
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Accessories
[2013/12/26 12:58:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\Templates
[2013/12/26 09:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2013/12/24 13:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TechSmith
[2013/12/24 13:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2013/12/23 17:48:28 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/12/23 17:48:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2013/12/23 17:48:16 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2013/12/23 17:48:02 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013/12/20 17:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/28 15:09:58 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/28 15:02:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/28 15:00:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003UA.job
[2013/12/28 14:59:51 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/28 14:59:43 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365.job
[2013/12/28 14:59:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/28 14:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/28 14:20:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/28 13:07:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003UA.job
[2013/12/28 10:00:07 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\AdwCleaner.exe
[2013/12/28 07:00:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003Core.job
[2013/12/28 01:00:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365 PC Checkup Task.job
[2013/12/27 19:07:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003Core.job
[2013/12/27 13:59:17 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.zip
[2013/12/27 13:58:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.dat
[2013/12/27 13:15:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Joe's Toy\Desktop\aswMBR.exe
[2013/12/27 13:14:50 | 000,891,200 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\SecurityCheck.exe
[2013/12/27 09:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe
[2013/12/27 09:36:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
[2013/12/27 09:10:53 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/27 09:09:52 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/26 15:15:18 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 10.lnk
[2013/12/26 14:28:54 | 000,001,886 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:28:54 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:13:45 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2013/12/26 13:33:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/12/26 13:25:54 | 000,020,514 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\My Documents\cc_20131226_132542.reg
[2013/12/26 13:01:46 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 13:01:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/12/26 04:48:26 | 000,494,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/26 04:48:26 | 000,085,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/25 19:14:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/20 17:12:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Inkscape.lnk
[2013/12/10 20:37:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/10 20:37:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/12/28 09:59:52 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\AdwCleaner.exe
[2013/12/27 13:59:17 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.zip
[2013/12/27 13:58:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.dat
[2013/12/27 13:14:40 | 000,891,200 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\SecurityCheck.exe
[2013/12/26 15:22:50 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Help.lnk
[2013/12/26 15:15:18 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2013/12/26 15:15:18 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 10.lnk
[2013/12/26 14:28:54 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:28:54 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:13:45 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/26 14:13:45 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2013/12/26 14:10:39 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 14:10:39 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/26 13:43:15 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/26 13:33:16 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/12/26 13:25:49 | 000,020,514 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\My Documents\cc_20131226_132542.reg
[2013/12/26 13:01:46 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 13:01:46 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Internet Explorer.lnk
[2013/12/26 13:01:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/12/26 12:58:47 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Remote Assistance.lnk
[2013/12/26 12:58:47 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Windows Media Player.lnk
[2013/12/20 17:12:32 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Inkscape.lnk
[2013/12/20 17:12:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Inkscape.lnk
[2012/09/21 14:08:36 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/09/21 14:08:36 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/09/21 14:08:36 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2012/09/21 13:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/02/14 19:07:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/06/24 02:30:46 | 000,104,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
 
========== ZeroAccess Check ==========
 
[2011/04/20 21:47:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1638 bytes -> C:\WINDOWS\System32\drivers\gycvgqdo.sys:changelist
 
< End of report >
 
 
 

# AdwCleaner v3.016 - Report created 28/12/2013 at 14:57:04
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Joe's Toy - MIRANDA-243875E
# Running from : C:\Documents and Settings\Joe's Toy\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Application Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Dogpile Bundle Toolbar
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Documents and Settings\Joe's Toy\Application Data\Search Settings
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe]
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7943 octets] - [28/12/2013 10:04:24]
AdwCleaner[S0].txt - [7957 octets] - [28/12/2013 14:57:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8017 octets] ##########
 


#8 OCD


Posted 28 December 2013 - 03:04 PM

Hi sLeven7,
 

No it will not install Firefox. This computer was re-installed with Windows XP about two and a half years ago and the girl that has been using it said she never installed Firefox. I saw some FF files in the OTL report, maybe the install program did that before it quit working.

Let's try and remove what looks like leftovers from a previous Firefox install. Some steps may not apply to your particular situation, so just skip those steps.

How to display Hidden Files & Folders XP

  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a check mark in the check box labeled "Display the contents of system folders".
  • Under the Hidden files and folders section select the radio button labeled "Show hidden files and folders".
  • Remove the check mark from the check box labeled "Hide file extensions for known file types".
  • Remove the check mark from the check box labeled "Hide protected operating system files".
  • Press the Apply button and then the OK button and shut down My Computer.

=========================


Remove Mozilla Firefox Completely:

  • Exit Firefox completely
  • Go to the Control Panel > Programs and Features
  • Select Mozilla Firefox (all versions, one at a time) and click Uninstall
    • You may be prompted with an option to "Remove my Firefox personal data and customization". This will also remove your Firefox user profile data (bookmarks, passwords, cookies, extensions, preferences, etc.)
      DO NOT select this option if you want to keep your Firefox profile data and settings.
  • Delete the Firefox installation directory located here: C:\Program Files\Mozilla Firefox
  • Delete the Firefox folder that contains temporary data located here:
    • C:\Users\<username>\AppData\Local\Mozilla\Firefox
    • C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Mozilla Firefox (if it exists)
  • Remove the Mozilla Firefox desktop icon if it still is present.

Re-Hide Files and Folders

Reboot your computer to ensure changes have taken effect.

=========================

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    [2011/04/06 15:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/07 11:33:13 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2010/06/22 03:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

=========================

Uninstall via Add/Remove Programs

  • Please go to Start > Control Panel > Add Remove Programs.
    Locate the following programs: (if present)
    • Java 7 Update 17
  • Click Remove and allow Windows to completely remove each one in turn.
  • Then reboot your computer to complete this part of the process.

=========================

Update Java

  • Get the current version of Java (Version 7 Update 45) by going to http://java.com/en/d...d/installed.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.

=========================

Reboot

=========================

Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================
 

Sketchbook is a program for graphic artists, Autodesk Sketchbook Pro is the full name. The tablet is a graphic tablet, about 7x10 with a stylus that acts like a brush while running Sketchbook. You draw on the tablet and it shows your stroke while in SB. That is the way it works on my daughter's Windows 7 machine. This computer running XP recognizes the tablet but Sketchbook does not see the tablet.


Is SketchBook Pro compatible with Windows XP?
What kind of tablet are you using? (make & model)
 

I'm seriously considering re-installing XP if this clean up does not fix the issue.

Not 100% sure that a fresh install will correct the issues you are experiencing.

In your next post please provide the following:

  • OTL fix log
  • Fresh OTL.txt
  • Any change in performance?

OCD



#9 sLeven7


Posted 29 December 2013 - 09:46 AM

It does seem to be running better.

 

I was able to get Sketchbook and the tablet to communicate.  Had to replace Windows drivers with the Wacom Intuos (manufacturer of the tablet) and everything is working as it should with Sketchbook and the tablet.

 

I can not find the OTL fix log.  I looked in C:_OTL (the only OTL file off of C:) and found nothing labeled fix log.

 

OTL logfile created on: 12/29/2013 10:33:03 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Joe's Toy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 76.44% Memory free
5.72 Gb Paging File | 5.43 Gb Available in Paging File | 94.87% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 32.74 Gb Free Space | 43.98% Space Free | Partition Type: NTFS
 
Computer Name: MIRANDA-243875E | User Name: Joe's Toy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Wacom Technology, Corp.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe (IObit)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Tablet\Wacom\libxml2.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WTabletServicePro) -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Wacom Technology, Corp.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (WiseBootAssistant) -- C:\Program Files\Wise\Wise Care 365\BootTime.exe (WiseCleaner.com)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (MpKslc6cd5cf0) -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C9476D9-75EC-48BB-8F96-B4036FF48C61}\MpKslc6cd5cf0.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (WacHidRouter) -- C:\WINDOWS\system32\drivers\wachidrouter.sys (Wacom Technology)
DRV - (wacomrouterfilter) -- C:\WINDOWS\system32\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV - (hidkmdf) -- C:\WINDOWS\system32\drivers\hidkmdf.sys (Windows ® Win 7 DDK provider)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 BF DA 66 68 02 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Entanglement Web App = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Bejeweled = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0\
CHR - Extension: YouTube = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Spotify - Music for every moment = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Panda Poet = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\daicmhhkdcccfobnkidlhnieapcikadf\6_0\
CHR - Extension: WOT Safe Search = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0\
CHR - Extension: Hearts Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoogbeipinlfnddcoinniofcocmnbjf\1.1.0.0_0\
CHR - Extension: Hearts Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoogbeipinlfnddcoinniofcocmnbjf\1.1.0.0_0\~
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Flixster = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: Flood-It! = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
CHR - Extension: elRTE - HTML edit = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokleipfjbnpkdlfaebfamgadpleagie\0.1_0\
CHR - Extension: Isoball 3 = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.4.0_0\
CHR - Extension: ShopAtHome.com extension = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.9.2_0\
CHR - Extension: Spades Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inefjfgppchlmgbchcebphkbnaligfdo\1.1.0.0_0\
CHR - Extension: Spades Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inefjfgppchlmgbchcebphkbnaligfdo\1.1.0.0_0\~
CHR - Extension: Sudoku = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jknjmdhcdfnhedcghbjbklllbliheppm\1.0.1_0\
CHR - Extension: Tab Activate = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlmadbnpnnolpaljadgakjilggigioaj\1.2.8_0\
CHR - Extension: StumbleUpon = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.12.2.3_0\
CHR - Extension: SparkChess 6 = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.4.5.1_0\
CHR - Extension: Popup HTML Editor = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0\
CHR - Extension: Sumon = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nddpmdmpdcbnnkjfplckngdkhhmmbjaf\1.0.0.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Auto Refresh Plus = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.23_0\
CHR - Extension: Sinuous = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Type Fu = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk\3.6.3_0\
 
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1303355271703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1303355917984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{776F9E9B-B668-41E2-A39E-9C86CB86334C}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/29 10:23:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/12/29 10:23:03 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/12/29 10:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
[2013/12/29 10:22:55 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/12/29 10:22:55 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/12/29 10:22:55 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/12/29 10:06:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/28 17:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\inkscape
[2013/12/28 16:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\WTablet
[2013/12/28 16:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2013/12/28 16:11:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wacom Tablet
[2013/12/28 16:11:09 | 000,013,112 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomrouterfilter.sys
[2013/12/28 16:10:40 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2013/12/28 16:10:18 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2013/12/28 16:10:18 | 000,076,600 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wachidrouter.sys
[2013/12/28 16:10:18 | 000,012,088 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\hidkmdf.sys
[2013/12/28 16:10:08 | 001,604,376 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2013/12/28 16:10:08 | 001,596,696 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Touch_Tablet.dll
[2013/12/28 16:10:08 | 001,483,032 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2013/12/28 16:10:08 | 001,479,960 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomMT.dll
[2013/12/28 16:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2013/12/28 10:04:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/28 09:38:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\Recent
[2013/12/27 21:16:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Administrative Tools
[2013/12/27 13:15:23 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Joe's Toy\Desktop\aswMBR.exe
[2013/12/27 09:46:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe
[2013/12/27 09:36:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
[2013/12/26 15:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
[2013/12/26 15:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Adobe
[2013/12/26 15:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Desktop\Adobe Photoshop Elements 10
[2013/12/26 14:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Autodesk
[2013/12/26 14:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alias
[2013/12/26 14:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Autodesk
[2013/12/26 14:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013/12/26 14:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\Downloads
[2013/12/26 14:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Chrome Apps
[2013/12/26 14:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
[2013/12/26 14:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google
[2013/12/26 14:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Deployment
[2013/12/26 13:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/12/26 13:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Macromedia
[2013/12/26 13:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Adobe
[2013/12/26 13:29:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\PrivacIE
[2013/12/26 13:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\FCTB000060231
[2013/12/26 13:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Sun
[2013/12/26 13:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Sun
[2013/12/26 13:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\IObit
[2013/12/26 13:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Identities
[2013/12/26 13:01:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\My Music
[2013/12/26 13:01:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\My Pictures
[2013/12/26 13:01:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\IETldCache
[2013/12/26 12:58:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft
[2013/12/26 12:58:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\Application Data
[2013/12/26 12:58:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Favorites
[2013/12/26 12:58:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\Cookies
[2013/12/26 12:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Desktop
[2013/12/26 12:58:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents
[2013/12/26 12:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings
[2013/12/26 12:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Microsoft
[2013/12/26 12:58:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\SendTo
[2013/12/26 12:58:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\PrintHood
[2013/12/26 12:58:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\NetHood
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Startup
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Accessories
[2013/12/26 12:58:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\Templates
[2013/12/26 09:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2013/12/24 13:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TechSmith
[2013/12/24 13:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2013/12/23 17:48:28 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/12/23 17:48:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2013/12/23 17:48:16 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2013/12/23 17:48:02 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013/12/20 17:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/29 10:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/29 10:32:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/29 10:30:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/29 10:29:54 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365.job
[2013/12/29 10:29:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/29 10:22:37 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/12/29 10:22:33 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/12/29 10:22:33 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/12/29 10:22:33 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/12/29 10:22:33 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/12/29 10:20:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/29 10:18:06 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/29 10:00:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003UA.job
[2013/12/29 07:07:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003UA.job
[2013/12/29 07:00:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003Core.job
[2013/12/29 01:00:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365 PC Checkup Task.job
[2013/12/28 19:07:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003Core.job
[2013/12/28 17:38:16 | 000,001,329 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\recently-used.xbel
[2013/12/28 16:11:35 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
[2013/12/28 16:11:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013/12/28 16:11:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013/12/28 10:00:07 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\AdwCleaner.exe
[2013/12/27 13:59:17 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.zip
[2013/12/27 13:58:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.dat
[2013/12/27 13:15:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Joe's Toy\Desktop\aswMBR.exe
[2013/12/27 13:14:50 | 000,891,200 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\SecurityCheck.exe
[2013/12/27 09:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe
[2013/12/27 09:36:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
[2013/12/27 09:10:53 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/27 09:09:52 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/26 15:15:18 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 10.lnk
[2013/12/26 14:28:54 | 000,001,886 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:28:54 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:13:45 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2013/12/26 13:33:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/12/26 13:25:54 | 000,020,514 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\My Documents\cc_20131226_132542.reg
[2013/12/26 13:01:46 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 13:01:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/12/26 04:48:26 | 000,494,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/26 04:48:26 | 000,085,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/25 19:14:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/20 17:12:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Inkscape.lnk
[2013/12/10 20:37:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/10 20:37:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/04 11:35:55 | 001,604,376 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2013/12/04 11:35:55 | 001,596,696 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Touch_Tablet.dll
[2013/12/04 11:35:55 | 001,483,032 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2013/12/04 11:35:54 | 001,479,960 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomMT.dll
 
========== Files Created - No Company Name ==========
 
[2013/12/28 17:38:16 | 000,001,329 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\recently-used.xbel
[2013/12/28 16:11:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
[2013/12/28 16:11:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013/12/28 16:11:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013/12/28 09:59:52 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\AdwCleaner.exe
[2013/12/27 13:59:17 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.zip
[2013/12/27 13:58:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.dat
[2013/12/27 13:14:40 | 000,891,200 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\SecurityCheck.exe
[2013/12/26 15:22:50 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Help.lnk
[2013/12/26 15:15:18 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2013/12/26 15:15:18 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 10.lnk
[2013/12/26 14:28:54 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:28:54 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:13:45 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/26 14:13:45 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2013/12/26 14:10:39 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 14:10:39 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/26 13:43:15 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/26 13:33:16 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/12/26 13:25:49 | 000,020,514 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\My Documents\cc_20131226_132542.reg
[2013/12/26 13:01:46 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 13:01:46 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Internet Explorer.lnk
[2013/12/26 13:01:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/12/26 12:58:47 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Remote Assistance.lnk
[2013/12/26 12:58:47 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Windows Media Player.lnk
[2013/12/20 17:12:32 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Inkscape.lnk
[2013/12/20 17:12:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Inkscape.lnk
[2012/09/21 14:08:36 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/09/21 14:08:36 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/09/21 14:08:36 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2012/09/21 13:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/02/14 19:07:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/06/24 02:30:46 | 000,104,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
 
========== ZeroAccess Check ==========
 
[2011/04/20 21:47:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1638 bytes -> C:\WINDOWS\System32\drivers\gycvgqdo.sys:changelist
 
< End of report >

Ask, and you shall receive.

#10 sLeven7

Posted 29 December 2013 - 09:48 AM

I have not tried to re-install Firefox, was waiting till you said the machine was clean.  Java updated fine I believe.




#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 29 December 2013 - 11:40 AM

Hi sLeven7,

Your OTL log looks good.  :thumbup:  Please continue ...

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================


ESET Online Scanner

*Note:

  • It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans, so there are no conflicts and to speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator rights. To do so, right-click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#12 sLeven7

Posted 29 December 2013 - 04:55 PM

It seems to be running a bit faster and the CPU has not been pegged that I have noticed.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.29.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Joe's Toy :: MIRANDA-243875E [administrator]
 
12/29/2013 3:58:18 PM
mbam-log-2013-12-29 (15-58-18).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366681
Time elapsed: 13 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
 
C:\AdwCleaner\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir Win32/Toolbar.Widgi.A application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe.vir a variant of Win64/Toolbar.Widgi.A application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\wth175.dll.vir Win32/Toolbar.Widgi.A application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\wthx175.dll.vir Win64/Toolbar.Widgi.B application
C:\AdwCleaner\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\AdwCleaner\Quarantine\C\Program Files\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo application
C:\Program Files\Device Doctor\DDSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\Program Files\IObit Toolbar\WidgiHelper.exe Win32/Toolbar.Widgi.A application
C:\Program Files\IObit Toolbar\IE\8.5\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:\Program Files\IObit Toolbar\IE\8.5\iobitToolbarIE64.dll Win64/Toolbar.Widgi.B application
C:\Windows Movie Maker\toolbar\solidyoutube-hybrid.exe Win32/Somoto.F application
 
 

#13 OCD

Posted 29 December 2013 - 06:48 PM

Hi sLeven7,

Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Program Files\Device Doctor
    C:\Program Files\IObit Toolbar
    C:\Windows Movie Maker\toolbar\solidyoutube-hybrid.exe
    
    :Commands
    [purity]
    [createrestorepoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
=========================

In your next post please provide the following:
  • New OTL.txt
  • Any remaining issues?

OCD


#14 sLeven7

Posted 29 December 2013 - 07:27 PM

Firefox will still not install, the installation stops at 61%, it just closes.  Everything else seems to be fine.  

 

 

 

OTL logfile created on: 12/29/2013 8:07:46 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Joe's Toy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 76.24% Memory free
5.72 Gb Paging File | 5.43 Gb Available in Paging File | 94.99% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 30.24 Gb Free Space | 40.62% Space Free | Partition Type: NTFS
Drive E: | 3.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: MIRANDA-243875E | User Name: Joe's Toy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Wacom Technology, Corp.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\SketchBook Pro 6.2.4\SketchBookSnapshot.exe (Autodesk Inc)
PRC - C:\Program Files\Wise\Wise Care 365\WiseBootBooster.exe (WiseCleaner.com)
PRC - C:\Program Files\Wise\Wise Care 365\BootTime.exe (WiseCleaner.com)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Tablet\Wacom\libxml2.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WTabletServicePro) -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Wacom Technology, Corp.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (WiseBootAssistant) -- C:\Program Files\Wise\Wise Care 365\BootTime.exe (WiseCleaner.com)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (MpKslc6cd5cf0) -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C9476D9-75EC-48BB-8F96-B4036FF48C61}\MpKslc6cd5cf0.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (WacHidRouter) -- C:\WINDOWS\system32\drivers\wachidrouter.sys (Wacom Technology)
DRV - (wacomrouterfilter) -- C:\WINDOWS\system32\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV - (hidkmdf) -- C:\WINDOWS\system32\drivers\hidkmdf.sys (Windows ® Win 7 DDK provider)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 BF DA 66 68 02 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Entanglement Web App = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Bejeweled = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0\
CHR - Extension: YouTube = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Spotify - Music for every moment = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Panda Poet = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\daicmhhkdcccfobnkidlhnieapcikadf\6_0\
CHR - Extension: WOT Safe Search = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0\
CHR - Extension: Hearts Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoogbeipinlfnddcoinniofcocmnbjf\1.1.0.0_0\
CHR - Extension: Hearts Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoogbeipinlfnddcoinniofcocmnbjf\1.1.0.0_0\~
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Flixster = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: Flood-It! = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
CHR - Extension: elRTE - HTML edit = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokleipfjbnpkdlfaebfamgadpleagie\0.1_0\
CHR - Extension: Isoball 3 = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.4.0_0\
CHR - Extension: ShopAtHome.com extension = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.9.2_0\
CHR - Extension: Spades Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inefjfgppchlmgbchcebphkbnaligfdo\1.1.0.0_0\
CHR - Extension: Spades Card Game = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inefjfgppchlmgbchcebphkbnaligfdo\1.1.0.0_0\~
CHR - Extension: Sudoku = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jknjmdhcdfnhedcghbjbklllbliheppm\1.0.1_0\
CHR - Extension: Tab Activate = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlmadbnpnnolpaljadgakjilggigioaj\1.2.8_0\
CHR - Extension: StumbleUpon = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.12.2.3_0\
CHR - Extension: SparkChess 6 = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.4.5.1_0\
CHR - Extension: Popup HTML Editor = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjpagcblmlakmpcihopmpfknakkimjdh\0.2_0\
CHR - Extension: Sumon = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nddpmdmpdcbnnkjfplckngdkhhmmbjaf\1.0.0.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Auto Refresh Plus = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.23_0\
CHR - Extension: Sinuous = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Type Fu = C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk\3.6.3_0\
 
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBook Pro 6.2.4\SketchBookSnapshot.exe (Autodesk Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1303355271703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1303355917984 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{776F9E9B-B668-41E2-A39E-9C86CB86334C}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/29 16:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/29 15:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Malwarebytes
[2013/12/29 15:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/29 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2013/12/29 15:55:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/12/29 15:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/29 15:51:39 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Joe's Toy\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/29 15:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\ArtRage Paintings
[2013/12/29 15:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Caphyon
[2013/12/29 15:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ArtRage 4
[2013/12/29 13:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Ambient Design
[2013/12/29 13:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ArtRage Studio
[2013/12/29 13:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ambient Design
[2013/12/29 10:23:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/12/29 10:23:03 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/12/29 10:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
[2013/12/29 10:22:55 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/12/29 10:22:55 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/12/29 10:22:55 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/12/29 10:06:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/28 17:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\inkscape
[2013/12/28 16:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\WTablet
[2013/12/28 16:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2013/12/28 16:11:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wacom Tablet
[2013/12/28 16:11:09 | 000,013,112 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomrouterfilter.sys
[2013/12/28 16:10:40 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2013/12/28 16:10:18 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2013/12/28 16:10:18 | 000,076,600 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wachidrouter.sys
[2013/12/28 16:10:18 | 000,012,088 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\hidkmdf.sys
[2013/12/28 16:10:08 | 001,604,376 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2013/12/28 16:10:08 | 001,596,696 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Touch_Tablet.dll
[2013/12/28 16:10:08 | 001,483,032 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2013/12/28 16:10:08 | 001,479,960 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomMT.dll
[2013/12/28 16:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2013/12/28 10:04:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/28 09:38:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\Recent
[2013/12/27 21:16:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Administrative Tools
[2013/12/27 13:15:23 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Joe's Toy\Desktop\aswMBR.exe
[2013/12/27 09:46:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe
[2013/12/27 09:36:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
[2013/12/26 15:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
[2013/12/26 15:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Adobe
[2013/12/26 15:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Desktop\Adobe Photoshop Elements 10
[2013/12/26 14:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Autodesk
[2013/12/26 14:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alias
[2013/12/26 14:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Autodesk
[2013/12/26 14:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013/12/26 14:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\Downloads
[2013/12/26 14:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Chrome Apps
[2013/12/26 14:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
[2013/12/26 14:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Google
[2013/12/26 14:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Deployment
[2013/12/26 13:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/12/26 13:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Macromedia
[2013/12/26 13:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Adobe
[2013/12/26 13:29:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\PrivacIE
[2013/12/26 13:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\FCTB000060231
[2013/12/26 13:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Sun
[2013/12/26 13:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Sun
[2013/12/26 13:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\IObit
[2013/12/26 13:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Identities
[2013/12/26 13:01:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\My Music
[2013/12/26 13:01:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents\My Pictures
[2013/12/26 13:01:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\IETldCache
[2013/12/26 12:58:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft
[2013/12/26 12:58:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\Application Data
[2013/12/26 12:58:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Favorites
[2013/12/26 12:58:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe's Toy\Cookies
[2013/12/26 12:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Desktop
[2013/12/26 12:58:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\My Documents
[2013/12/26 12:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings
[2013/12/26 12:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\Microsoft
[2013/12/26 12:58:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe's Toy\SendTo
[2013/12/26 12:58:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\PrintHood
[2013/12/26 12:58:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\NetHood
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Startup
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu
[2013/12/26 12:58:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Accessories
[2013/12/26 12:58:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joe's Toy\Templates
[2013/12/24 13:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TechSmith
[2013/12/24 13:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2013/12/23 17:48:28 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/12/23 17:48:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2013/12/23 17:48:16 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2013/12/23 17:48:02 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013/12/20 17:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/29 20:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/29 20:06:57 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/29 20:06:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365.job
[2013/12/29 20:06:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/29 20:00:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003UA.job
[2013/12/29 19:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/29 19:20:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/29 19:07:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003UA.job
[2013/12/29 19:07:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003Core.job
[2013/12/29 15:55:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 15:52:05 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/29 15:51:53 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Joe's Toy\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/29 15:07:25 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\ArtRage 4.lnk
[2013/12/29 13:52:34 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\ArtRage Studio.lnk
[2013/12/29 13:47:31 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SketchBook Pro 6.2.4.lnk
[2013/12/29 13:47:30 | 000,001,889 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SketchBook Snapshot.lnk
[2013/12/29 10:22:37 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/12/29 10:22:33 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/12/29 10:22:33 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/12/29 10:22:33 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/12/29 10:22:33 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/12/29 07:00:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-839522115-1003Core.job
[2013/12/29 01:00:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365 PC Checkup Task.job
[2013/12/28 17:38:16 | 000,001,329 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\recently-used.xbel
[2013/12/28 16:11:35 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
[2013/12/28 16:11:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013/12/28 16:11:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013/12/28 10:00:07 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\AdwCleaner.exe
[2013/12/27 13:59:17 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.zip
[2013/12/27 13:58:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.dat
[2013/12/27 13:15:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Joe's Toy\Desktop\aswMBR.exe
[2013/12/27 13:14:50 | 000,891,200 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Desktop\SecurityCheck.exe
[2013/12/27 09:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe's Toy\Desktop\OTL.exe
[2013/12/27 09:36:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Joe's Toy\Desktop\HiJackThis.exe
[2013/12/27 09:10:53 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/27 09:09:52 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/26 15:15:18 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 10.lnk
[2013/12/26 14:28:54 | 000,001,886 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:28:54 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:13:45 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2013/12/26 13:33:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/12/26 13:25:54 | 000,020,514 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\My Documents\cc_20131226_132542.reg
[2013/12/26 13:01:46 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 13:01:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/12/26 04:48:26 | 000,494,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/26 04:48:26 | 000,085,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/25 19:14:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/20 17:12:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Inkscape.lnk
[2013/12/10 20:37:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/10 20:37:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/04 11:35:55 | 001,604,376 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2013/12/04 11:35:55 | 001,596,696 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Touch_Tablet.dll
[2013/12/04 11:35:55 | 001,483,032 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2013/12/04 11:35:54 | 001,479,960 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomMT.dll
 
========== Files Created - No Company Name ==========
 
[2013/12/29 15:55:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 15:07:25 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\ArtRage 4.lnk
[2013/12/29 13:52:34 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\ArtRage Studio.lnk
[2013/12/29 13:47:31 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SketchBook Pro 6.2.4.lnk
[2013/12/29 13:47:30 | 000,001,889 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SketchBook Snapshot.lnk
[2013/12/28 17:38:16 | 000,001,329 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Local Settings\Application Data\recently-used.xbel
[2013/12/28 16:11:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
[2013/12/28 16:11:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013/12/28 16:11:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013/12/28 09:59:52 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\AdwCleaner.exe
[2013/12/27 13:59:17 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.zip
[2013/12/27 13:58:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\MBR.dat
[2013/12/27 13:14:40 | 000,891,200 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Desktop\SecurityCheck.exe
[2013/12/26 15:22:50 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Help.lnk
[2013/12/26 15:15:18 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2013/12/26 15:15:18 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 10.lnk
[2013/12/26 14:28:54 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:28:54 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk SketchBook Express 6.2.lnk
[2013/12/26 14:13:45 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/26 14:13:45 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2013/12/26 14:10:39 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 14:10:39 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/26 13:43:15 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/26 13:33:16 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/12/26 13:25:49 | 000,020,514 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\My Documents\cc_20131226_132542.reg
[2013/12/26 13:01:46 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 13:01:46 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Internet Explorer.lnk
[2013/12/26 13:01:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/12/26 12:58:47 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Remote Assistance.lnk
[2013/12/26 12:58:47 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Joe's Toy\Start Menu\Programs\Windows Media Player.lnk
[2013/12/20 17:12:32 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Inkscape.lnk
[2013/12/20 17:12:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Inkscape.lnk
[2012/09/21 14:08:36 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/09/21 14:08:36 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/09/21 14:08:36 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2012/09/21 13:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/02/14 19:07:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/06/24 02:30:46 | 000,104,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
 
========== ZeroAccess Check ==========
 
[2011/04/20 21:47:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1638 bytes -> C:\WINDOWS\System32\drivers\gycvgqdo.sys:changelist
 
< End of report >

Ask, and you shall receive.

#15 OCD

Posted 29 December 2013 - 11:57 PM

Hi sLeven7,

Let's try and remove Firefox in Safe Mode.

Reboot Windows XP in Safe Mode
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed, etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

=========================

Remove Mozilla Firefox Completely:
  • Go to the Control Panel > Programs and Features
  • Select Mozilla Firefox (all versions, one at a time) and click Uninstall
  • You may be prompted with an option to "Remove my Firefox personal data and customization". This will also remove your Firefox user profile data (bookmarks, passwords, cookies, extensions, preferences, etc.)
    DO NOT select this option if you want to keep your Firefox profile data and settings.
  • Delete the Firefox installation directory located here: C:\Program Files\Mozilla Firefox
  • Delete the Firefox folder that contains temporary data located here:
      • C:\Users\<username>\AppData\Local\Mozilla\Firefox
      • C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Mozilla Firefox (if it exists)

=========================

Reboot in Normal Mode then attempt to re-install Firefox.



OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days







