Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91701 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Websearch. Searchnewtab, keyword Hijacker. false emails, IE wont work


  • This topic is locked This topic is locked
34 replies to this topic

#1 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 03 January 2014 - 08:55 PM

Hi - Needing your help with a lot of different issues.

 

1. Possible malware/virus=Websearch. Searchnewtab, keyword Hijacker, safesaverBHO, searchwebs, statcounter, zedo. Spybot Search &Destroy found on 11/23/2013 and are quaranteed.
2. Email - have been receiving false emails that use a contacts name and include a link that takes you to a site and downloads something before you can even shut the page down.
3- Internet Explorer wont work correctly. The initial page loads but will freeze if I try to go to another page. 
4. Windows Update - When I check for updates or if set to automatically check for updates, I no longer have the option to look at the updates needed. It will just say the computer needs to shut down to update. Within a minute after restarting, Windows Update will say it needs to update and shut down again.   The only update that shows since 9/1/2013 has been for Microsoft Sec Essentials. Definition Update for Microsoft Security Essentials (KB2310138)  updated 73 times (all successful) since 10/1/2013. Im sure there has been other updates needed.         

 

OTL only produced 1 log, so I also included the HJT log. 

 

Thank you. Happy New Year!

 

-NoNo

 

 

OTL LOG:

 

OTL logfile created on: 1/3/2014 6:00:15 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gogo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 59.48% Memory free
6.09 Gb Paging File | 5.00 Gb Available in Paging File | 82.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 145.14 Gb Free Space | 50.54% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.28 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
 
Computer Name: GOGO | User Name: gogo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\gogo\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\Users\gogo\AppData\Local\Temp\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\gogo\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (SRS_AE_Service) -- C:\Windows\System32\drivers\SRS_AE_i386.sys ()
DRV - (ssrangdr) -- C:\Windows\System32\drivers\ssrangdr.sys (SupportSoft Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.sea...&cc=US&unqvl=41
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...&cc=US&unqvl=41
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\..\SearchScopes,DefaultScope = {105E99FF-8B9A-4492-B155-06194B9056D2}
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:19.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..browser.startup.homepage: "http://websearch.sea...cc=US&unqvl=41"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.sea...nqvl=41&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.sea...nqvl=41&l=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\gogo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2010/03/04 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Extensions
[2010/03/04 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/29 08:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\extensions
[2010/03/29 08:32:17 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\extensions\textlinks@playsushi.com
[2013/11/16 21:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions
[2013/08/01 02:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/07/29 23:39:09 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(235)
[2013/06/20 16:53:34 | 000,000,000 | ---D | M] (YouTube™ Anywhere Player) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a}
[2013/11/16 21:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged
[2013/05/13 21:11:08 | 000,615,445 | ---- | M] () (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/08/01 00:16:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - homepage: http://bing.com/
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Disabled) = C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: SOE Web Installer (Disabled) = C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll
CHR - plugin: Picasa (Disabled) = C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: City Sights - Hello Seattle! = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jihilfhlglomedabonpgmihgbicgpilk\0.2_0\
CHR - Extension: Vaudix = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\
CHR - Extension: Google Wallet = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2014/01/01 09:24:46 | 000,449,836 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C922B5CC-8097-4DF3-B14B-264696D80453}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\gogo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\gogo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/03 17:52:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\gogo\Desktop\HiJackThis.exe
[2014/01/03 17:24:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
[2014/01/03 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/31 15:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/06 00:41:21 | 000,000,000 | ---D | C] -- C:\Users\gogo\Documents\ProcAlyzer Dumps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/03 17:53:10 | 000,625,664 | ---- | M] () -- C:\Users\gogo\Desktop\dds.scr
[2014/01/03 17:52:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\gogo\Desktop\HiJackThis.exe
[2014/01/03 17:41:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 17:41:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 17:24:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
[2014/01/03 17:15:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/03 15:42:09 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/03 15:42:08 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/03 15:41:37 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/01 09:24:46 | 000,449,836 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/12/25 03:58:43 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/25 03:58:32 | 000,449,836 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140101-092446.backup
[2013/12/20 07:47:36 | 000,001,698 | ---- | M] () -- C:\Users\gogo\Desktop\cells def.rtf
[2013/12/17 02:04:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/16 23:00:09 | 000,000,100 | ---- | M] () -- C:\Windows\wininit.ini
[2013/12/05 10:25:25 | 000,001,076 | ---- | M] () -- C:\Users\gogo\Desktop\ROBLOX Player.lnk
[2013/12/05 10:25:25 | 000,000,899 | ---- | M] () -- C:\Users\gogo\Desktop\ROBLOX Studio 2013.lnk
[2013/12/04 21:47:44 | 000,002,191 | ---- | M] () -- C:\Users\gogo\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/03 17:52:30 | 000,625,664 | ---- | C] () -- C:\Users\gogo\Desktop\dds.scr
[2013/12/18 19:56:29 | 000,001,698 | ---- | C] () -- C:\Users\gogo\Desktop\cells def.rtf
[2013/12/16 23:00:09 | 000,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/23 23:58:32 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/09/19 02:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/09/19 00:21:10 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GOGO-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/08/12 21:33:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/12 21:33:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/12 21:33:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/12 21:33:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/12 21:33:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:49:24 | 000,000,036 | ---- | C] () -- C:\Users\gogo\AppData\Local\housecall.guid.cache
[2013/03/15 22:22:28 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/15 22:22:28 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/11/26 15:39:32 | 000,583,306 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\technic-launcher.jar
[2012/06/16 15:48:43 | 000,404,256 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AE_i386.sys
[2012/02/07 14:14:11 | 000,000,094 | ---- | C] () -- C:\Windows\EART730.ini
[2011/05/22 08:04:02 | 000,011,316 | -HS- | C] () -- C:\ProgramData\mssfsi1vlq8g1bx8lmkcbl8
[2011/03/26 18:13:54 | 000,193,536 | ---- | C] () -- C:\Users\gogo\yeah.MSWMM
[2010/07/21 22:53:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/30 13:41:15 | 000,000,069 | ---- | C] () -- C:\Users\gogo\jagex_runescape_preferences2.dat
[2010/01/30 13:40:21 | 000,000,039 | ---- | C] () -- C:\Users\gogo\jagex_runescape_preferences.dat
[2009/09/28 18:22:45 | 000,003,804 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\wklnhst.dat
[2009/09/15 16:47:40 | 000,001,356 | ---- | C] () -- C:\Users\gogo\AppData\Local\d3d9caps.dat
[2009/08/28 17:57:16 | 000,119,296 | ---- | C] () -- C:\Users\gogo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 23:35:33 | 000,000,632 | RHS- | C] () -- C:\Users\gogo\ntuser.pol
[2009/08/22 23:36:47 | 000,024,206 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\UserTile.png
[2009/07/31 10:08:01 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/06/26 11:40:39 | 000,000,000 | ---D | M] -- C:\Users\Daisy\AppData\Roaming\Epson
[2013/02/02 15:44:35 | 000,000,000 | ---D | M] -- C:\Users\Daisy\AppData\Roaming\IrfanView
[2013/08/01 02:37:08 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\.minecraft
[2013/07/21 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\.technic
[2012/11/26 15:41:56 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\.techniclauncher
[2010/01/20 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/11/26 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Dropbox
[2012/06/16 18:28:58 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Epson
[2010/11/30 14:31:45 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Flood Light Games
[2013/11/29 13:38:18 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Games
[2011/08/09 12:25:59 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\go
[2011/02/24 12:15:24 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Instant Housecall
[2009/10/23 14:30:27 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\IronCode
[2012/02/08 06:30:44 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Leader Technologies
[2012/02/07 14:40:51 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Leadertech
[2012/11/26 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\logs
[2009/08/22 23:36:47 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\PeerNetworking
[2009/12/24 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\SBTT
[2009/09/25 20:12:42 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Shape games
[2009/08/19 13:56:27 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\SupportSoft
[2013/10/04 11:16:39 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\SystemRequirementsLab
[2009/09/28 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Template
[2013/11/25 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\.minecraft
[2013/07/31 10:52:45 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\.technic
[2013/06/28 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\.techniclauncher
[2012/10/09 23:26:44 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/12/02 20:35:43 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Dropbox
[2012/10/23 21:18:28 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Epson
[2010/01/18 10:39:47 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\funkitron
[2013/01/29 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\IrfanView
[2010/10/15 16:48:12 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Jane s Hotel
[2012/02/07 15:58:11 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Leader Technologies
[2010/03/07 14:13:13 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\LimeWire
[2013/07/05 19:29:11 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\logs
[2013/01/14 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\MoreTerra
[2011/12/25 13:12:14 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Origin
[2010/11/20 07:39:34 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\PlayFirst
[2010/04/30 20:11:34 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Shape games
[2013/10/04 11:09:56 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\SystemRequirementsLab
[2010/05/07 14:57:48 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Template
[2011/11/24 14:25:15 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Unity
[2009/08/29 06:41:10 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
[2009/04/20 03:38:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/20 03:37:59 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/20 03:37:59 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012/11/13 13:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2009/04/20 03:38:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2006/11/02 04:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 04:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui
 
< MD5 for: IEXPLORE.BAT  >
[2013/04/20 23:58:12 | 000,029,803 | ---- | M] () MD5=E4B95882FB080670179EA3605395889B -- C:\JRT\iexplore.bat
 
< MD5 for: IEXPLORE.EXE  >
[2009/04/20 03:41:17 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2009/04/20 03:25:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=182CAF7403705ACCB51211A761080B8F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[2009/07/18 04:16:49 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D5A01AA2DE47C052AF46D7EBCB003A3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[2009/07/18 13:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D8163DBFECAEDB9C48C5F55084BC491 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[2009/04/10 22:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2013/09/08 12:19:12 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/09/08 12:19:12 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16502_none_58c03951eb98ec82\iexplore.exe
[2008/01/20 18:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2009/04/19 20:56:28 | 000,060,416 | ---- | M] () MD5=753BC16326FEE4A421ACB636CCD602F4 -- C:\ComboFix\iexplore.exe
[2009/07/18 04:16:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=7FCF4E704A48D95202F3E7A1E1A21412 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[2009/04/20 03:25:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[2005/08/15 09:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\ComboFix\en-US\iexplore.exe
[2009/07/18 03:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[2013/05/28 18:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\erdnt\cache\iexplore.exe
[2009/04/20 03:41:17 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.LOCAL  >
[2011/12/20 12:37:28 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Program Files\Internet Explorer\iexplore.exe.local
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2006/11/02 04:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2013/09/08 12:19:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/09/08 12:19:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2006/09/18 13:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 13:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
 
< MD5 for: SERVICES.CFG  >
[2013/09/03 05:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.DAT  >
[2013/04/21 19:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2008/01/20 18:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2006/11/02 04:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 04:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2008/01/20 18:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 18:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 13:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 13:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 13:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
 
< MD5 for: SERVICES.MSC  >
[2006/11/02 04:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 13:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 04:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 13:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 07:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs
 
< MD5 for: WINLOGON.EXE  >
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 18:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2008/01/20 18:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/20 18:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 04:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui
 
< MD5 for: WINLOGON.MOF  >
[2006/09/18 13:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 13:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2013/08/12 21:53:20 | 000,016,177 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/01/03 15:41:37 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/03 15:41:36 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
[2013/08/06 13:26:08 | 000,103,680 | ---- | M] (GMER) -- C:\pxldqpog.sys
[2011/11/11 23:56:59 | 000,000,184 | ---- | M] () -- C:\setup.log
[2013/08/10 23:35:35 | 000,130,780 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_11.08.2013_00.19.04_log.txt
 
< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/05 09:20:49 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2013/05/01 15:33:35 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 2DF8-C431
 Directory of C:\
11/02/2006  05:02 AM    <JUNCTION>     Documents and Settings [..]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
11/02/2006  05:02 AM    <JUNCTION>     Application Data [..]
11/02/2006  05:02 AM    <JUNCTION>     Desktop [..]
11/02/2006  05:02 AM    <JUNCTION>     Documents [..]
11/02/2006  05:02 AM    <JUNCTION>     Favorites [..]
11/02/2006  05:02 AM    <JUNCTION>     Start Menu [..]
11/02/2006  05:02 AM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users
11/02/2006  05:02 AM    <SYMLINKD>     All Users [c:\ProgramData]
11/02/2006  05:02 AM    <JUNCTION>     Default User [..]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
11/02/2006  05:02 AM    <JUNCTION>     Application Data [..]
11/02/2006  05:02 AM    <JUNCTION>     Desktop [..]
11/02/2006  05:02 AM    <JUNCTION>     Documents [..]
11/02/2006  05:02 AM    <JUNCTION>     Favorites [..]
11/02/2006  05:02 AM    <JUNCTION>     Start Menu [..]
11/02/2006  05:02 AM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Daisy
06/26/2012  11:40 AM    <JUNCTION>     Application Data [C:\Users\Daisy\AppData\Roaming]
06/26/2012  11:40 AM    <JUNCTION>     Cookies [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Cookies]
06/26/2012  11:40 AM    <JUNCTION>     Local Settings [C:\Users\Daisy\AppData\Local]
06/26/2012  11:40 AM    <JUNCTION>     My Documents [C:\Users\Daisy\Documents]
06/26/2012  11:40 AM    <JUNCTION>     NetHood [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/26/2012  11:40 AM    <JUNCTION>     PrintHood [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/26/2012  11:40 AM    <JUNCTION>     Recent [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Recent]
06/26/2012  11:40 AM    <JUNCTION>     SendTo [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\SendTo]
06/26/2012  11:40 AM    <JUNCTION>     Start Menu [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Start Menu]
06/26/2012  11:40 AM    <JUNCTION>     Templates [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Daisy\AppData\Local
06/26/2012  11:40 AM    <JUNCTION>     Application Data [C:\Users\Daisy\AppData\Local]
06/26/2012  11:40 AM    <JUNCTION>     History [C:\Users\Daisy\AppData\Local\Microsoft\Windows\History]
06/26/2012  11:40 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Daisy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Daisy\Documents
06/26/2012  11:40 AM    <JUNCTION>     My Music [C:\Users\Daisy\Music]
06/26/2012  11:40 AM    <JUNCTION>     My Pictures [C:\Users\Daisy\Pictures]
06/26/2012  11:40 AM    <JUNCTION>     My Videos [C:\Users\Daisy\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
11/02/2006  05:02 AM    <JUNCTION>     Application Data [..]
11/02/2006  05:02 AM    <JUNCTION>     Local Settings [..]
11/02/2006  05:02 AM    <JUNCTION>     My Documents [..]
11/02/2006  05:02 AM    <JUNCTION>     NetHood [..]
11/02/2006  05:02 AM    <JUNCTION>     PrintHood [..]
11/02/2006  05:02 AM    <JUNCTION>     Recent [..]
11/02/2006  05:02 AM    <JUNCTION>     SendTo [..]
11/02/2006  05:02 AM    <JUNCTION>     Start Menu [..]
11/02/2006  05:02 AM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
11/02/2006  05:02 AM    <JUNCTION>     Application Data [..]
11/02/2006  05:02 AM    <JUNCTION>     History [..]
11/02/2006  05:02 AM    <JUNCTION>     Temporary Internet Files [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
11/02/2006  05:02 AM    <JUNCTION>     My Music [..]
11/02/2006  05:02 AM    <JUNCTION>     My Pictures [..]
11/02/2006  05:02 AM    <JUNCTION>     My Videos [..]
               0 File(s)              0 bytes
 Directory of C:\Users\gogo
08/19/2009  01:46 PM    <JUNCTION>     Application Data [C:\Users\gogo\AppData\Roaming]
08/19/2009  01:46 PM    <JUNCTION>     Cookies [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Cookies]
08/19/2009  01:46 PM    <JUNCTION>     Local Settings [C:\Users\gogo\AppData\Local]
08/19/2009  01:46 PM    <JUNCTION>     My Documents [C:\Users\gogo\Documents]
08/19/2009  01:46 PM    <JUNCTION>     NetHood [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/19/2009  01:46 PM    <JUNCTION>     PrintHood [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/19/2009  01:46 PM    <JUNCTION>     Recent [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Recent]
08/19/2009  01:46 PM    <JUNCTION>     SendTo [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\SendTo]
08/19/2009  01:46 PM    <JUNCTION>     Start Menu [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu]
08/19/2009  01:46 PM    <JUNCTION>     Templates [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\gogo\AppData\Local
08/19/2009  01:46 PM    <JUNCTION>     Application Data [C:\Users\gogo\AppData\Local]
08/19/2009  01:46 PM    <JUNCTION>     History [C:\Users\gogo\AppData\Local\Microsoft\Windows\History]
08/19/2009  01:46 PM    <JUNCTION>     Temporary Internet Files [C:\Users\gogo\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\gogo\Documents
08/19/2009  01:46 PM    <JUNCTION>     My Music [C:\Users\gogo\Music]
08/19/2009  01:46 PM    <JUNCTION>     My Pictures [C:\Users\gogo\Pictures]
08/19/2009  01:46 PM    <JUNCTION>     My Videos [C:\Users\gogo\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Kids
08/27/2009  05:07 PM    <JUNCTION>     Application Data [C:\Users\Kids\AppData\Roaming]
08/27/2009  05:07 PM    <JUNCTION>     Cookies [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Cookies]
08/27/2009  05:07 PM    <JUNCTION>     Local Settings [C:\Users\Kids\AppData\Local]
08/27/2009  05:07 PM    <JUNCTION>     My Documents [C:\Users\Kids\Documents]
08/27/2009  05:07 PM    <JUNCTION>     NetHood [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/27/2009  05:07 PM    <JUNCTION>     PrintHood [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/27/2009  05:07 PM    <JUNCTION>     Recent [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Recent]
08/27/2009  05:07 PM    <JUNCTION>     SendTo [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\SendTo]
08/27/2009  05:07 PM    <JUNCTION>     Start Menu [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu]
08/27/2009  05:07 PM    <JUNCTION>     Templates [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Kids\AppData\Local
08/27/2009  05:07 PM    <JUNCTION>     Application Data [C:\Users\Kids\AppData\Local]
08/27/2009  05:07 PM    <JUNCTION>     History [C:\Users\Kids\AppData\Local\Microsoft\Windows\History]
08/27/2009  05:07 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Kids\Documents
08/27/2009  05:07 PM    <JUNCTION>     My Music [C:\Users\Kids\Music]
08/27/2009  05:07 PM    <JUNCTION>     My Pictures [C:\Users\Kids\Pictures]
08/27/2009  05:07 PM    <JUNCTION>     My Videos [C:\Users\Kids\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
11/02/2006  05:02 AM    <JUNCTION>     My Music [c:\Users\Public\Music]
11/02/2006  05:02 AM    <JUNCTION>     My Pictures [c:\Users\Public\Pictures]
11/02/2006  05:02 AM    <JUNCTION>     My Videos [c:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
04/20/2009  04:29 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/20/2009  04:29 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
04/20/2009  04:29 AM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
04/20/2009  04:29 AM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/20/2009  04:29 AM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/20/2009  04:29 AM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
04/20/2009  04:29 AM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
04/20/2009  04:29 AM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
04/20/2009  04:29 AM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
04/20/2009  04:29 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/20/2009  04:29 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/20/2009  04:29 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
04/20/2009  04:29 AM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
04/20/2009  04:29 AM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
04/20/2009  04:29 AM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              96 Dir(s)  155,714,809,856 bytes free
 
< %systemroot%\System32\config\*.sav >
[2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/06/25 23:38:10 | 000,000,286 | -HS- | M] () -- C:\Users\gogo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/10/22 09:51:28 | 005,136,138 | R--- | M] (Swearware) -- C:\Users\gogo\Desktop\ComboFix.exe
[2014/01/03 17:52:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\gogo\Desktop\HiJackThis.exe
[2014/01/03 17:24:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
[2011/12/19 02:04:46 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-10-16 12:50:22
 
<   >
[2006/11/02 05:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 05:01:49 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/31 10:19:34 | 000,000,878 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 10:19:36 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/06/04 22:31:22 | 000,000,318 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForKids.job
[2013/05/13 18:54:50 | 000,000,620 | ---- | C] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2013/05/13 18:54:54 | 000,000,616 | ---- | C] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/05/13 18:54:56 | 000,000,446 | ---- | C] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2013/05/13 21:31:19 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/06/22 20:59:23 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-90010376-98873278-4205430638-1000Core.job
[2013/06/22 20:59:25 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-90010376-98873278-4205430638-1000UA.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:7757A6D4
 
< End of report >
 

-------------------------------------------------------------------------------------------------------------------------------

HJT LOG: 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:55:52 PM, on 1/3/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16502)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\gogo\Desktop\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.sea...&cc=US&unqvl=41
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Update Service (gupdate1ce11e97cd4f97c) (gupdate1ce11e97cd4f97c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 6224 bytes
 

 

 

 

 

 

 


    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 January 2014 - 09:06 PM

Hi NoNo,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 & 8 users Right Click and select "Run as Administrator" on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Under Extra Registry section, select Use SafeList <-- important
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 06 January 2014 - 06:03 PM

Hi- Thank you for your help, The logs are below.

 

Checkup log:

 Results of screen317's Security Check version 0.99.78  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 Java 7 Update 45  
 Adobe Flash Player  11.8.800.168  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
 Google Chrome winmm.dll..  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 10 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
aswMBR log:
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-06 11:19:07
-----------------------------
11:19:07.596    OS Version: Windows 6.0.6002 Service Pack 2
11:19:07.596    Number of processors: 2 586 0x170A
11:19:07.596    ComputerName: GOGO  UserName: gogo
11:19:10.826    Initialize success
11:45:43.642    AVAST engine defs: 14010600
11:58:37.448    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:58:37.448    Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 3
11:58:37.620    Disk 0 MBR read successfully
11:58:37.620    Disk 0 MBR scan
11:58:37.636    Disk 0 unknown MBR code
11:58:37.651    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       294058 MB offset 2048
11:58:37.698    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11183 MB offset 602232832
11:58:37.760    Disk 0 scanning sectors +625135616
11:58:37.885    Disk 0 scanning C:\Windows\system32\drivers
11:58:57.167    Service scanning
11:59:41.034    Modules scanning
11:59:49.286    Disk 0 trace - called modules:
11:59:49.302    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
11:59:49.817    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868308e0]
11:59:49.817    3 CLASSPNP.SYS[832088b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866aab98]
11:59:51.283    AVAST engine scan C:\Windows
11:59:57.180    AVAST engine scan C:\Windows\system32
12:05:34.624    AVAST engine scan C:\Windows\system32\drivers
12:06:02.345    AVAST engine scan C:\Users\gogo
12:40:30.226    AVAST engine scan C:\ProgramData
13:00:07.558    Scan finished successfully
13:24:32.366    Disk 0 MBR has been saved successfully to "C:\Users\gogo\Desktop\MBR.dat"
13:24:32.382    The log file has been saved successfully to "C:\Users\gogo\Desktop\aswMBR.txt"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OTL:
 

OTL logfile created on: 1/6/2014 1:29:44 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gogo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 61.18% Memory free
6.09 Gb Paging File | 4.94 Gb Available in Paging File | 81.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 144.45 Gb Free Space | 50.30% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.28 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
 
Computer Name: GOGO | User Name: gogo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\gogo\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\gogo\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\gogo\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (SRS_AE_Service) -- C:\Windows\System32\drivers\SRS_AE_i386.sys ()
DRV - (ssrangdr) -- C:\Windows\System32\drivers\ssrangdr.sys (SupportSoft Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.sea...&cc=US&unqvl=41
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...&cc=US&unqvl=41
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {105E99FF-8B9A-4492-B155-06194B9056D2}
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:19.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..browser.startup.homepage: "http://websearch.sea...cc=US&unqvl=41"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.sea...nqvl=41&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.sea...nqvl=41&l=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\gogo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2010/03/04 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Extensions
[2010/03/04 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/29 08:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\extensions
[2010/03/29 08:32:17 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\extensions\textlinks@playsushi.com
[2013/11/16 21:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions
[2013/08/01 02:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/07/29 23:39:09 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(235)
[2013/06/20 16:53:34 | 000,000,000 | ---D | M] (YouTube™ Anywhere Player) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a}
[2013/11/16 21:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged
[2013/05/13 21:11:08 | 000,615,445 | ---- | M] () (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/08/01 00:16:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - homepage: http://bing.com/
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Disabled) = C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: SOE Web Installer (Disabled) = C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll
CHR - plugin: Picasa (Disabled) = C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: City Sights - Hello Seattle! = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jihilfhlglomedabonpgmihgbicgpilk\0.2_0\
CHR - Extension: Vaudix = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\
CHR - Extension: Google Wallet = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2014/01/01 09:24:46 | 000,449,836 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C922B5CC-8097-4DF3-B14B-264696D80453}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\gogo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\gogo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/06 07:52:19 | 000,000,000 | ---D | C] -- C:\Users\gogo\Documents\Gabriel
[2014/01/05 12:06:07 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\gogo\Desktop\aswMBR.exe
[2014/01/03 17:24:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
[2014/01/03 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/31 15:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/06 13:24:32 | 000,000,512 | ---- | M] () -- C:\Users\gogo\Desktop\MBR.dat
[2014/01/06 11:47:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 11:47:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 07:47:34 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 07:47:34 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/06 07:46:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 07:46:53 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 12:08:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\gogo\Desktop\aswMBR.exe
[2014/01/05 12:04:07 | 000,987,410 | ---- | M] () -- C:\Users\gogo\Desktop\SecurityCheck.exe
[2014/01/04 01:03:51 | 000,004,002 | ---- | M] () -- C:\Users\gogo\AppData\Roaming\wklnhst.dat
[2014/01/03 17:53:10 | 000,625,664 | ---- | M] () -- C:\Users\gogo\Desktop\dds.scr
[2014/01/03 17:24:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
[2014/01/01 09:24:46 | 000,449,836 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/12/25 03:58:43 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/25 03:58:32 | 000,449,836 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140101-092446.backup
[2013/12/17 02:04:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/16 23:00:09 | 000,000,100 | ---- | M] () -- C:\Windows\wininit.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/06 13:24:32 | 000,000,512 | ---- | C] () -- C:\Users\gogo\Desktop\MBR.dat
[2014/01/05 12:03:08 | 000,987,410 | ---- | C] () -- C:\Users\gogo\Desktop\SecurityCheck.exe
[2014/01/03 17:52:30 | 000,625,664 | ---- | C] () -- C:\Users\gogo\Desktop\dds.scr
[2013/12/16 23:00:09 | 000,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/23 23:58:32 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/09/19 02:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/09/19 00:21:10 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GOGO-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/08/12 21:33:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/12 21:33:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/12 21:33:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/12 21:33:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/12 21:33:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:49:24 | 000,000,036 | ---- | C] () -- C:\Users\gogo\AppData\Local\housecall.guid.cache
[2013/03/15 22:22:28 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/15 22:22:28 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/11/26 15:39:32 | 000,583,306 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\technic-launcher.jar
[2012/06/16 15:48:43 | 000,404,256 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AE_i386.sys
[2012/02/07 14:14:11 | 000,000,094 | ---- | C] () -- C:\Windows\EART730.ini
[2011/05/22 08:04:02 | 000,011,316 | -HS- | C] () -- C:\ProgramData\mssfsi1vlq8g1bx8lmkcbl8
[2011/03/26 18:13:54 | 000,193,536 | ---- | C] () -- C:\Users\gogo\yeah.MSWMM
[2010/07/21 22:53:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/30 13:41:15 | 000,000,069 | ---- | C] () -- C:\Users\gogo\jagex_runescape_preferences2.dat
[2010/01/30 13:40:21 | 000,000,039 | ---- | C] () -- C:\Users\gogo\jagex_runescape_preferences.dat
[2009/09/28 18:22:45 | 000,004,002 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\wklnhst.dat
[2009/09/15 16:47:40 | 000,001,356 | ---- | C] () -- C:\Users\gogo\AppData\Local\d3d9caps.dat
[2009/08/28 17:57:16 | 000,119,296 | ---- | C] () -- C:\Users\gogo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 23:35:33 | 000,000,632 | RHS- | C] () -- C:\Users\gogo\ntuser.pol
[2009/08/22 23:36:47 | 000,024,206 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\UserTile.png
[2009/07/31 10:08:01 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:7757A6D4
 
< End of report >
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++==
Extras log:

OTL Extras logfile created on: 1/6/2014 1:29:44 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gogo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 61.18% Memory free
6.09 Gb Paging File | 4.94 Gb Available in Paging File | 81.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 144.45 Gb Free Space | 50.30% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.28 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
 
Computer Name: GOGO | User Name: gogo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system | 
"{06369C28-3AB3-46FF-ACB9-129988FF9D8C}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{0E67DB0F-BDF2-4F89-B485-4B6FE2664E87}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{10029520-9FB7-46A0-B832-9E0729B0A61A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{1C9B350F-84AA-4A0D-8CA7-BB75DD34412A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{1D4C7E33-A2E0-4A13-87F8-E1380B691A76}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{1DF9CD3D-A065-4FAF-8A7A-04FC04789DA8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{20440638-8983-4DF0-9A95-8EB3EC7AF60B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{221ABA7B-872F-4508-A94E-3C960F09F433}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C1BB880-808A-449C-AB82-3C64B02609E6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{329F8282-F003-42D2-9FF8-7154464D932E}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{38D8EF09-C8B7-4DD9-A860-8D90C15015B5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3D77BDAE-6273-4327-8012-0A5C061CCAC2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44F567FA-0578-4A23-9352-616AD36B2C84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4799E0B6-8924-4530-AFBD-5D20B5EC7E16}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system | 
"{50F78A4E-C814-400E-93DD-B73D76727AA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5207A82B-775D-4F00-8014-D8BE32B7B64C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{56F27729-93A8-46AF-B096-A45752F97A28}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6C72CEFA-9DAA-4166-931D-33666FE18555}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system | 
"{714F208C-907E-4CDB-81C9-AF46194C75B8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7A8C2E56-B849-4F40-8EF7-9662E5D23316}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7E11CCA6-1A93-429A-AB01-7D137DABB08A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{83006FAE-86A7-4C5A-B00E-A86AAF0F898C}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 | 
"{8BB2F448-E344-4FC3-9382-1DE58A23F989}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F3FA4A5-ED33-4D42-9D8A-8DEAE88F220E}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{90C584A6-9164-4531-BA0F-08F32D5A9909}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9285EE74-9D5D-4A41-B01B-0DF94685F88F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97855165-4800-4240-9BE4-6F12A29D5F6F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AB08C813-62A7-4ADD-ABEA-06DB0B3FFFFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B367298E-0361-4017-867C-2A90844FC653}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{BDBB86F8-2DF9-434B-A33E-69E4C3709E3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C1CB3A66-DB10-4533-83F5-8B81F5B91882}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{C6832345-D87F-4DFC-BF9B-2037F91BE253}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DBDD6B51-79C1-4706-BD77-BB04EA37B8B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{DDA38469-7944-403D-A0C8-F153624A91AE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E5CB9779-9255-48A0-9292-B36400B2D2B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EBAECCFD-5FA4-45EB-B798-A750F54D9247}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EE67B103-3948-48B4-9F51-14D7A1967284}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F5407FBD-E2E5-4B1A-B7A6-55AB0298984C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{F88D9BD8-71F2-44B3-AF7E-294FB237237B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FB3EEB35-F06C-4D55-9E71-3556658E41BB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{FD30D86F-2561-489E-9A0A-D4F645A95A94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FE92ACBF-8FC8-4DD1-8851-C042E10F8FDD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D9CE1-FD7C-4950-940D-52062A7C5A51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0089EBC4-1CC7-4DC0-91CA-435CD3A21418}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0222A9F1-F0EB-463D-97B3-B98FFADA9E24}" = protocol=17 | dir=in | app=c:\users\gogo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{04A3BF97-704D-4AEC-BEDD-4E8DA07A1A12}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{0B533457-22F1-42DE-863C-9AF0F0E883B0}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{12D4C252-FCE7-478E-BC1A-C00969D9A0B5}" = dir=in | app=c:\users\gogo\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1EE2DD76-7A15-4C49-B234-B898F11B4946}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{25DDAAAD-810F-4CB8-A354-297CD3E1F091}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2DF8BE44-453F-40B9-89CC-2FEC143FFC45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30EB70A9-0CF4-4F4E-A981-62D04CF51860}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{345EFB6E-AF55-41EC-8D73-2AB3168B93ED}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{3AEEB2EB-B264-45FE-88E7-5026B38D81C9}" = protocol=17 | dir=in | app=c:\program files\wildtangent games\app\wtdownloader.exe | 
"{3D464892-8B10-49E0-9011-3E3119557CD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4777347E-CFBD-4133-B801-FC28F9806850}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"{4801FFC7-4929-45E6-A9EE-945C6BDFB364}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4EA5662F-A0A6-4FFB-9DD6-A430D44A80D1}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{53990426-8299-4A9B-B124-54915B199F5E}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{562E47BB-AC9B-48D0-90E1-1BF3825BBA45}" = protocol=6 | dir=in | app=c:\program files\common files\microsoft shared\windows live\signinoptions.exe | 
"{5741407C-54AB-4E70-B6E1-05C06F884EDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A534D6A-5F1C-4A8D-9277-666BE5B3E12A}" = protocol=6 | dir=in | app=c:\users\gogo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5B90F99B-4CD4-4A68-9745-CC0CCE68547C}" = protocol=6 | dir=out | app=system | 
"{6249C2BC-F678-494E-8F73-B19CA7B03F6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{625DF276-1AD4-4CE4-9DB1-49CB468A116D}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{62A7DA58-B39A-4E03-AB1B-36CE51B31E12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{646CCD26-84AE-4F98-B3CC-3F817A75EBD1}" = protocol=17 | dir=in | app=c:\users\gogo\appdata\local\temp\7zs9ccb.tmp\symnrt.exe | 
"{6D13B535-D358-4D48-9EF2-FA2A26677381}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7ACFDFA9-23F8-42FA-BA1D-6F8A609C6089}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{803E31B5-D6A8-4FDB-91E6-A8776837DE13}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"{84043E9D-4ADC-49DD-9481-7F4A2F321298}" = protocol=6 | dir=in | app=c:\program files\wildtangent games\app\wtdownloader.exe | 
"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{84E81746-D917-45F5-AD7D-D0A7C7566691}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85FB8DAB-11F2-4446-87DA-13463BC77BD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87634331-FDF5-4D3D-BF25-6DC611D3E19E}" = protocol=17 | dir=in | app=c:\program files\common files\microsoft shared\windows live\signinoptions.exe | 
"{89BB6E46-852D-4590-9EDD-1950E422C8B1}" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\wizard101\wizard101.exe | 
"{8DC188A2-1BC6-4B0D-A501-6073C3D78B39}" = protocol=6 | dir=in | app=c:\users\gogo\appdata\local\temp\7zs9ccb.tmp\symnrt.exe | 
"{943C7345-ACB7-4F7F-9F3F-284195ECBAA3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{9EB9B488-548C-4FE4-B3E7-57B517572EF8}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe | 
"{9F07BEB8-5C95-4260-BAB0-6867C5298321}" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\wizard101\wizard101.exe | 
"{A21F4D16-BBCC-40A3-A69E-3F89751231EB}" = protocol=17 | dir=in | app=c:\program files\wildtangent games\app\gameconsole-wt.exe | 
"{A5627903-A6BA-4A0B-8200-52D50D494484}" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe | 
"{A6C19D64-01F6-486F-8CB3-3BFB0F2C250D}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe | 
"{ACCFC3E2-BB7E-418E-B095-1A5D21973B3D}" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe | 
"{AE05A734-2832-4982-8F0F-88CB170174F7}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{B2484EEA-230E-4BF2-BAAF-58860E83C320}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3B8E25F-F053-43EE-90D5-D55A4C552D22}" = protocol=6 | dir=in | app=c:\program files\wildtangent games\app\gameconsole-wt.exe | 
"{C3E540CD-0BD4-4D90-A7AA-42BF3670F4F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D29240E5-1E01-4860-88AE-BD69F658527A}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{D459B87D-E477-4F6B-8AD0-DB2A644DA741}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgclient.exe | 
"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D6A7D855-2AAE-439C-9CC4-068BB16FE06D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E6010379-0AE2-4BF8-928C-BC635183CFB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE5AAF07-D916-418A-A14B-F18A695570E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F14E5789-623D-494A-B4F8-031413A7D22D}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgclient.exe | 
"TCP Query User{098738EC-CFEE-464D-8977-5FE48989B030}C:\users\gogo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\gogo\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{1F98CEDC-87F4-49D8-ACE5-FAD78CCF8942}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe | 
"TCP Query User{5111A6A7-8D36-432D-8942-C10ECCF6DA7E}C:\program files\wildgames\space trader\spacetrader.exe" = protocol=6 | dir=in | app=c:\program files\wildgames\space trader\spacetrader.exe | 
"TCP Query User{58A187A4-5147-4AA5-82F8-104EAA09A0F9}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{9C45DFF3-1E11-4B30-9B5C-F6D01C177338}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{A5FD82AE-84EF-4E16-AC8C-3CCF0D0AA32F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{A92FBE4E-660C-4EC3-8FA0-E2D24498FA12}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{CD6596EC-B20A-43D7-A393-EBFCB87236DC}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{DF82DBE6-001C-43F7-AC0F-DA8D737DF188}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{E2E34365-022A-4501-89D2-72FF811CE302}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{E3563911-8DD5-4529-8D83-184C592A91FB}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"TCP Query User{F9962221-4B3F-4024-AAC2-4BA0FBC21F51}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"UDP Query User{1B8706F5-4067-48EC-993D-D1B3FB8F03CC}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe | 
"UDP Query User{21C0AA23-6002-4E23-8949-970EDF7EF21C}C:\users\gogo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\gogo\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{35140D3B-3DD5-49B4-9AA5-AC23C8B54848}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{3807F358-91C8-4939-ACB4-B80C60EB7812}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{536466B3-133A-434C-91D5-C50F2EC22164}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{5BBDA093-1060-4F0D-9A3B-6E9F3FCBDFA8}C:\program files\wildgames\space trader\spacetrader.exe" = protocol=17 | dir=in | app=c:\program files\wildgames\space trader\spacetrader.exe | 
"UDP Query User{5C436BF4-6732-413B-972B-DC582DF2594A}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{6167E234-E3D9-48D3-8B8D-41AEEB754E20}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"UDP Query User{9181B21D-8A01-428B-B683-15A806E7C955}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{9F076223-5E89-4C07-9435-0BACD9C8B8B1}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{C926EB4F-CAC6-47B7-A518-6594D9E063C0}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"UDP Query User{F536861F-DA65-4A67-9B6A-868F1C3B46DC}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DFX" = DFX
"EPSON Artisan 730 Series" = EPSON Artisan 730 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"FileHippo.com" = FileHippo.com Update Checker
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 2.0
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Instant Housecall" = Instant Housecall Remote Support
"LTCM Client" = LTCM Client
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Origin" = Origin
"Picasa 3" = Picasa 3
"Pivot Animator_is1" = Pivot Animator version 4.1.10
"SP_b0285714" = Search Assistant WebSearch 1.74
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"UnityWebPlayer" = Unity Web Player
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bandizip" = Bandizip
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/22/2013 9:13:12 PM | Computer Name = GoGo | Source = EventSystem | ID = 4609
Description = 
 
Error - 12/22/2013 9:13:48 PM | Computer Name = GoGo | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String
 path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
 share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
 msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize)     at System.Xml.XmlDownloadManager.GetStream(Uri
 uri, ICredentials credentials)     at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
 String role, Type ofObjectToReturn)     at System.Xml.XmlReader.Create(String inputUri,
 XmlReaderSettings settings, XmlParserContext inputContext)     at System.Xml.Schema.XmlSchemaSet.Add(String
 targetNamespace, String schemaUri)     at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
 path) ValidateDocument failed Business\SearchTargets.xml
 
Error - 12/22/2013 9:14:50 PM | Computer Name = GoGo | Source = EventSystem | ID = 4621
Description = 
 
Error - 12/22/2013 9:14:52 PM | Computer Name = GoGo | Source = EventSystem | ID = 4609
Description = 
 
Error - 12/23/2013 12:52:37 AM | Computer Name = GoGo | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
 0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x030a0fef,  process id 0xbbc, application start time
 0x01ceff5cf327d81e.
 
Error - 1/2/2014 5:32:28 PM | Computer Name = GoGo | Source = EventSystem | ID = 4609
Description = 
 
Error - 1/2/2014 5:40:04 PM | Computer Name = GoGo | Source = EventSystem | ID = 4621
Description = 
 
Error - 1/2/2014 5:40:06 PM | Computer Name = GoGo | Source = EventSystem | ID = 4609
Description = 
 
Error - 1/4/2014 11:05:49 PM | Computer Name = GoGo | Source = EventSystem | ID = 4609
Description = 
 
Error - 1/5/2014 6:45:28 AM | Computer Name = GoGo | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 1/6/2014 11:47:03 AM | Computer Name = GoGo | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description = 
 
Error - 1/6/2014 11:47:08 AM | Computer Name = GoGo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 1/6/2014 11:47:11 AM | Computer Name = GoGo | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 1/6/2014 11:47:38 AM | Computer Name = GoGo | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
 address 00265E5FE04C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 1/6/2014 11:48:08 AM | Computer Name = GoGo | Source = DCOM | ID = 10016
Description = 
 
Error - 1/6/2014 11:48:40 AM | Computer Name = GoGo | Source = DCOM | ID = 10016
Description = 
 
Error - 1/6/2014 11:49:01 AM | Computer Name = GoGo | Source = DCOM | ID = 10005
Description = 
 
Error - 1/6/2014 11:49:01 AM | Computer Name = GoGo | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 1/6/2014 11:49:01 AM | Computer Name = GoGo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 1/6/2014 3:18:31 PM | Computer Name = GoGo | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
 address 00265E5FE04C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
MBR zip file - I have it, but I'm not sure how to attach it. Please let me know and Ill send it right away. 
 
Thank you,
 
NoNo
 
 


#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 06 January 2014 - 07:37 PM

Hi NoNo,

bullseye_zpse9eaf36e.gif Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.sea...&cc=US&unqvl=41
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...&cc=US&unqvl=41
    FF - prefs.js..browser.startup.homepage: "http://websearch.sea...cc=US&unqvl=41"
    FF - prefs.js..browser.search.order.1: "WebSearch"
    FF - prefs.js..browser.search.defaultenginename: "WebSearch"
    FF - prefs.js..browser.search.selectedEngine: "WebSearch"
    FF - prefs.js..browser.search.defaulturl: "http://websearch.sea...nqvl=41&l=1&q="
    FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
    FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
    FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
    FF - prefs.js..keyword.URL: "http://websearch.sea...nqvl=41&l=1&q="
    [2011/05/22 08:04:02 | 000,011,316 | -HS- | C] () -- C:\ProgramData\mssfsi1vlq8g1bx8lmkcbl8
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

bullseye_zpse9eaf36e.gif AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

bullseye_zpse9eaf36e.gif MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.
Right click and select "Run as Administrator".

Check-mark the following check-boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

=========================

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • OTL fix log
  • AdwCleaner[S0].txt
  • Results.txt
  • Fresh OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#5 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 08 January 2014 - 10:50 AM

Hi-
 
OTL FIX LOG: (found under C:\_OTL\MovedFiles\01082014_074613) It looks like its the fix log.

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "http://websearch.sea....cc=US&unqvl=41" removed from browser.startup.homepage
Prefs.js: "WebSearch" removed from browser.search.order.1
Prefs.js: "WebSearch" removed from browser.search.defaultenginename
Prefs.js: "WebSearch" removed from browser.search.selectedEngine
Prefs.js: "http://websearch.sea....nqvl=41&l=1&q=" removed from browser.search.defaulturl
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Prefs.js: "http://websearch.sea....nqvl=41&l=1&q=" removed from keyword.URL
C:\ProgramData\mssfsi1vlq8g1bx8lmkcbl8 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\gogo\Desktop\cmd.bat deleted successfully.
C:\Users\gogo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYJAVA]
 
User: All Users
 
User: Daisy
->Java cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: gogo
->Java cache emptied: 45911 bytes
 
User: Kids
->Java cache emptied: 8197 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Daisy
->Flash cache emptied: 506 bytes
 
User: Default
 
User: Default User
 
User: gogo
->Flash cache emptied: 539 bytes
 
User: Kids
->Flash cache emptied: 590 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01082014_074613
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 
AdwCleaner[SO].txt log:
# AdwCleaner v3.016 - Report created 08/01/2014 at 07:58:03
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : gogo - GOGO
# Running from : C:\Users\gogo\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\WinterSoft
File Deleted : C:\Windows\System32\Tasks\paretologic registration3
File Deleted : C:\Windows\System32\Tasks\paretologic update version3
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3C3FDB7-72C6-48E2-B9A6-865D1C286BFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3C3FDB7-72C6-48E2-B9A6-865D1C286BFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45756FA6-9499-4194-B23D-320FA9182DCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45756FA6-9499-4194-B23D-320FA9182DCA}
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanaticEI
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16502
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\prefs.js ]
 
Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.searchisbestmy.info/?pid=1237&r=2013/11/17&hid=18175437295440581313&lg=EN&cc=US&unqvl=41");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchisbestmy.info/?pid=1237&r=2013/11/17&hid=18175437295440581313&lg=EN&cc=US&unqvl=41&l=1&q=");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchisbestmy.info/?pid=1237&r=2013/11/17&hid=18175437295440581313&lg=EN&cc=US&unqvl=41&l=1&q=");
 
[ File : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\c2cjdqpi.default\prefs.js ]
 
 
[ File : C:\Users\Daisy\AppData\Roaming\Mozilla\Firefox\Profiles\c78wcahj.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
[ File : C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3875 octets] - [08/01/2014 07:53:23]
AdwCleaner[S0].txt - [3886 octets] - [08/01/2014 07:58:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3946 octets] ##########
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
Results.txt log:
 
MiniToolBox by Farbar  Version: 18-12-2013
Ran by gogo (administrator) on 08-01-2014 at 08:05:59
Running from "C:\Users\gogo\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
 
There are 15471 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Atheros AR5009 802.11a/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : GoGo
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR5009 802.11a/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 00-26-5E-5F-E0-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1F-16-E0-D7-C0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{C922B5CC-8097-4DF3-B14B-264696D80453}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{85654884-94CF-4105-B782-AFFF3610D24B}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
 14 ...00 26 5e 5f e0 4c ...... Atheros AR5009 802.11a/g/n WiFi Adapter
 10 ...00 1f 16 e0 d7 c0 ...... Realtek PCIe FE Family Controller
  1 ........................... Software Loopback Interface 1
 16 ...00 00 00 00 00 00 00 e0  isatap.{C922B5CC-8097-4DF3-B14B-264696D80453}
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 11 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 15 ...00 00 00 00 00 00 00 e0  isatap.{85654884-94CF-4105-B782-AFFF3610D24B}
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/05/2014 02:45:28 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp4748000ffff
 
Error: (01/04/2014 07:05:49 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp458800700b7
 
Error: (01/02/2014 01:40:06 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp4748000ffff
 
Error: (01/02/2014 01:40:04 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{B28896D4-F38F-4F04-BB78-26E262077117}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (01/02/2014 01:32:28 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp458800700b7
 
Error: (12/22/2013 08:52:37 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x030a0fef,
process id 0xbbc, application start time 0xExplorer.EXE0.
 
Error: (12/22/2013 05:14:52 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp4748000ffff
 
Error: (12/22/2013 05:14:50 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{04258440-5F95-4D09-8FB9-5DAF2B41C26F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/22/2013 05:13:48 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
   at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
   at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
   at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
   at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
   at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml
 
Error: (12/22/2013 05:13:12 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp458800700b7
 
 
System errors:
=============
Error: (01/08/2014 08:01:33 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/08/2014 08:01:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (01/08/2014 08:00:26 AM) (Source: Service Control Manager) (User: )
Description: aswSnx
 
Error: (01/08/2014 08:00:26 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (01/08/2014 08:00:17 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: 2147549183
 
Error: (01/08/2014 07:50:06 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/08/2014 07:49:58 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (01/08/2014 07:49:08 AM) (Source: Service Control Manager) (User: )
Description: aswSnx
 
Error: (01/08/2014 07:49:08 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (01/08/2014 07:48:53 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: 2147549183
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-21 21:05:59.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 21:05:58.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 21:05:58.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 21:05:58.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 21:05:58.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 21:05:57.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 21:05:57.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 21:05:57.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-16 05:49:32.889
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-16 05:49:32.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 0.0.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player (Version: 11.0)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 7.7)
Bandizip (Version: 3.09)
Bing Bar (Version: 7.1.361.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 1.0.106)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.58.1.0)
CyberLink DVD Suite (Version: 6.0.2203)
CyberLink PhotoDirector 3 (Version: 3.0.3618)
CyberLink YouCam (Version: 2.0.2328)
DFX (Version: 10.137.0.0)
Dropbox (Version: 2.0.22)
EPSON Artisan 730 Series Printer Uninstall
Epson Connect
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (Version: 1.0.1)
Epson Event Manager (Version: 2.50.0000)
Epson Print CD (Version: 2.05.00)
EPSON Scan
EpsonNet Print (Version: 2.4j)
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FileHippo.com Update Checker
FUJIFILM MyFinePix Studio 2.0
Google Chrome (Version: 31.0.1650.63)
Google Earth Plug-in (Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Doc Viewer (Version: 1.03.0001)
HP DVD Play 3.7 (Version: 3.7.0.5723)
HP Help and Support (Version: 2.1.3.0)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Total Care Advisor (Version: 2.4.4941.2798)
HP Total Care Setup (Version: 1.1.1983.2818)
HP Update (Version: 4.000.010.008)
HP User Guides 0118 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.00 K2)
HPAsset component for HP Active Support Library (Version: 3.0.0.7)
HPNetworkAssistant (Version: 1.1.70)
Instant Housecall Remote Support
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
iTunes (Version: 9.0.2.25)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LabelPrint (Version: 2.5.0926)
LightScribe System Software  1.14.17.1 (Version: 1.14.17.1)
LTCM Client
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.52)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Origin (Version: 8.3.7.3619)
Picasa 3 (Version: 3.9)
Pirate101 (Version: 1.0.0)
Pivot Animator version 4.1.10 (Version: 4.1.10)
Power2Go (Version: 6.0.2202)
PowerDirector (Version: 7.0.2201)
Primo (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
RAF (Version: 1.00.0001)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: 3.0.1.3)
ROBLOX Player
ROBLOX Studio 2013
Skype™ 5.10 (Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 2.0.12)
SpywareBlaster 5.0 (Version: 5.0.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
The Sims™ 3 (Version: 1.0.631)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.18)
Unity Web Player (Version: 2.5.1f5_24931)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Wizard101 (Version: 1.0.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 32%
Total physical RAM: 3002.45 MB
Available physical RAM: 2037.57 MB
Total Pagefile: 6209.14 MB
Available Pagefile: 5352.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.21 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:287.17 GB) (Free:145.01 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.28 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\GOGO
 
Administrator            Daisy                    gogo                     
Guest                    Kids                     
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\Mini011412-01.dmp
C:\Windows\Minidump\Mini032411-01.dmp
C:\Windows\Minidump\Mini032911-01.dmp
C:\Windows\Minidump\Mini052413-01.dmp
C:\Windows\Minidump\Mini061612-01.dmp
C:\Windows\Minidump\Mini062411-01.dmp
C:\Windows\Minidump\Mini071411-01.dmp
C:\Windows\Minidump\Mini072911-01.dmp
C:\Windows\Minidump\Mini080713-01.dmp
C:\Windows\Minidump\Mini083111-01.dmp
C:\Windows\Minidump\Mini090912-01.dmp
C:\Windows\Minidump\Mini120312-01.dmp
C:\Windows\Minidump\Mini120912-01.dmp
C:\Windows\Minidump\Mini121312-01.dmp
C:\Windows\Minidump\Mini121712-01.dmp
 
**** End of log ****
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
Fresh OTL log:
OTL logfile created on: 1/8/2014 8:14:16 AM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gogo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 68.43% Memory free
6.06 Gb Paging File | 5.26 Gb Available in Paging File | 86.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 145.01 Gb Free Space | 50.50% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.28 Gb Free Space | 11.70% Space Free | Partition Type: NTFS
 
Computer Name: GOGO | User Name: gogo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\gogo\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\gogo\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (SRS_AE_Service) -- C:\Windows\System32\drivers\SRS_AE_i386.sys ()
DRV - (ssrangdr) -- C:\Windows\System32\drivers\ssrangdr.sys (SupportSoft Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:19.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.order.1,: ""
FF - prefs.js..browser.search.defaultenginename,: ""
FF - prefs.js..browser.search.selectedEngine,: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\gogo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2010/03/04 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Extensions
[2010/03/04 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/29 08:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\extensions
[2010/03/29 08:32:17 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\extensions\textlinks@playsushi.com
[2013/11/16 21:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions
[2013/08/01 02:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/07/29 23:39:09 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(235)
[2013/06/20 16:53:34 | 000,000,000 | ---D | M] (YouTube™ Anywhere Player) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a}
[2013/11/16 21:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged
[2013/05/13 21:11:08 | 000,615,445 | ---- | M] () (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/08/01 00:16:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - homepage: http://bing.com/
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Disabled) = C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: SOE Web Installer (Disabled) = C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll
CHR - plugin: Picasa (Disabled) = C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: City Sights - Hello Seattle! = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jihilfhlglomedabonpgmihgbicgpilk\0.2_0\
CHR - Extension: Vaudix = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\
CHR - Extension: Google Wallet = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2014/01/01 09:24:46 | 000,449,836 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C922B5CC-8097-4DF3-B14B-264696D80453}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\gogo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\gogo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/08 07:51:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/08 07:46:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/08 07:34:00 | 000,760,063 | ---- | C] (Farbar) -- C:\Users\gogo\Desktop\MiniToolBox.exe
[2014/01/06 07:52:19 | 000,000,000 | ---D | C] -- C:\Users\gogo\Documents\Gabriel
[2014/01/05 12:06:07 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\gogo\Desktop\aswMBR.exe
[2014/01/03 17:24:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
[2014/01/03 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/31 15:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/08 08:00:35 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/08 08:00:33 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/08 08:00:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/08 08:00:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/08 08:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/08 08:00:07 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/08 07:34:09 | 000,760,063 | ---- | M] (Farbar) -- C:\Users\gogo\Desktop\MiniToolBox.exe
[2014/01/08 07:33:55 | 001,233,962 | ---- | M] () -- C:\Users\gogo\Desktop\AdwCleaner.exe
[2014/01/08 00:43:46 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/01/06 15:29:21 | 000,000,545 | ---- | M] () -- C:\Users\gogo\Desktop\MBR.zip
[2014/01/06 13:24:32 | 000,000,512 | ---- | M] () -- C:\Users\gogo\Desktop\MBR.dat
[2014/01/05 12:08:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\gogo\Desktop\aswMBR.exe
[2014/01/05 12:04:07 | 000,987,410 | ---- | M] () -- C:\Users\gogo\Desktop\SecurityCheck.exe
[2014/01/04 01:03:51 | 000,004,002 | ---- | M] () -- C:\Users\gogo\AppData\Roaming\wklnhst.dat
[2014/01/03 17:53:10 | 000,625,664 | ---- | M] () -- C:\Users\gogo\Desktop\dds.scr
[2014/01/03 17:24:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
[2014/01/01 09:24:46 | 000,449,836 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/12/25 03:58:32 | 000,449,836 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140101-092446.backup
[2013/12/17 02:04:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/16 23:00:09 | 000,000,100 | ---- | M] () -- C:\Windows\wininit.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/08 07:33:37 | 001,233,962 | ---- | C] () -- C:\Users\gogo\Desktop\AdwCleaner.exe
[2014/01/06 15:29:21 | 000,000,545 | ---- | C] () -- C:\Users\gogo\Desktop\MBR.zip
[2014/01/06 13:24:32 | 000,000,512 | ---- | C] () -- C:\Users\gogo\Desktop\MBR.dat
[2014/01/05 12:03:08 | 000,987,410 | ---- | C] () -- C:\Users\gogo\Desktop\SecurityCheck.exe
[2014/01/03 17:52:30 | 000,625,664 | ---- | C] () -- C:\Users\gogo\Desktop\dds.scr
[2013/12/16 23:00:09 | 000,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/23 23:58:32 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/09/19 02:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/09/19 00:21:10 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GOGO-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/08/12 21:33:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/12 21:33:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/12 21:33:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/12 21:33:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/12 21:33:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:49:24 | 000,000,036 | ---- | C] () -- C:\Users\gogo\AppData\Local\housecall.guid.cache
[2013/03/15 22:22:28 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/15 22:22:28 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/11/26 15:39:32 | 000,583,306 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\technic-launcher.jar
[2012/06/16 15:48:43 | 000,404,256 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AE_i386.sys
[2012/02/07 14:14:11 | 000,000,094 | ---- | C] () -- C:\Windows\EART730.ini
[2011/03/26 18:13:54 | 000,193,536 | ---- | C] () -- C:\Users\gogo\yeah.MSWMM
[2010/07/21 22:53:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/30 13:41:15 | 000,000,069 | ---- | C] () -- C:\Users\gogo\jagex_runescape_preferences2.dat
[2010/01/30 13:40:21 | 000,000,039 | ---- | C] () -- C:\Users\gogo\jagex_runescape_preferences.dat
[2009/09/28 18:22:45 | 000,004,002 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\wklnhst.dat
[2009/09/15 16:47:40 | 000,001,356 | ---- | C] () -- C:\Users\gogo\AppData\Local\d3d9caps.dat
[2009/08/28 17:57:16 | 000,119,296 | ---- | C] () -- C:\Users\gogo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 23:35:33 | 000,000,632 | RHS- | C] () -- C:\Users\gogo\ntuser.pol
[2009/08/22 23:36:47 | 000,024,206 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\UserTile.png
[2009/07/31 10:08:01 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:7757A6D4
 
< End of report >
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 
THANK YOU,
NoNo
 


#6 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 08 January 2014 - 11:03 AM

Should I have deleted everything that is quarantined in Spybot S&D. Will all that's quarantined show up in the scans I have been doing? 



#7 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 08 January 2014 - 09:18 PM

Hi NoNo,
 

Should I have deleted everything that is quarantined in Spybot S&D. Will all that's quarantined show up in the scans I have been doing?

 
No, please don't delete anything at this time.

Any change in regards to the following:
  • Email
  • Internet Explorer performance
  • Windows Updates
How is the computer running, what issues are you experiencing?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#8 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 10 January 2014 - 02:45 AM

Hi- 
 
1. Email - The last fake email I received was on Jan 6th and it said it was from someone on my Facebook friends list. 
 
2. Internet Explorer - IE continues to freeze, so I loaded it without add-ons and it worked fine. So I disabled and enabled one add-on at a time and saw that it is freezing when I have the Shockwave Flashplayer Object  11.7.700.169 enabled.
 
3. Windows Update - I clicked to check for updates and it instead of taking 10 seconds it took much longer, which I would think meant it was actually checking. But instead of a list of needed updates showing up for me to review and choose (thats what Ive set it to do in settings), it just says  "Restart your computer to install updates. Windows can't update important files and services while the system is using them, Save any open files and restart the computer and then try to check for new updates."  I rebooted and went to Windows Updates and checked to see what had updated. Nothing updated. This is what happens over and over. 
Windows updated shows Most recent check for updates: NEVER
Updates were installed: 10/16/2013
When I viewed update history, the only update there were for Windows Security Essentials, which shows to be everyday. The last Update for Microsoft WIndows or Security update for Microsoft Windows was on 8/13/2013. 
 
I've also noticed that when I click to go to a webpage from links on the browser that another page (usually the last tab I have opened) will flash really quick before the page I want loads. Its no big deal, I just thought I let you know because it hasn't always done this. 
 
Thanks for your help;
NoNo


#9 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 10 January 2014 - 04:18 AM

Hi again - When checking my email tonight, I clicked on a article that took me to a website that I go to often. While reading the article I noticed that throughout the entire article words had been replaced with :luxury handbags" or "replica watches for sale" in blue. I have never noticed this before. It has never happened on that particular site.

 

Let me know what to do.

 

Thanks. 



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 10 January 2014 - 09:29 AM

Hi NoNo,

Microsoft has come up with a fix for resetting the Windows Update. Click here .

Make sure that you click on, "FIX IT"

You can always browse to this page:

http://support.microsoft.com/kb/971058

bullseye_zpse9eaf36e.gif Reboot

=========================

Check Windows Updates again and report back the results.

=========================

bullseye_zpse9eaf36e.gif ComboFix

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================


    In your next post please provide the following:
    • Windows Update status
    • ComboFix.txt

     

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#11 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 11 January 2014 - 06:51 PM

Hi-   :adios:

Ok, I ran the Microsoft Fix it Tool. It reported that there were 2 issues not fixed. 1. Problem installing recent updates 2. Windows update error. I rebooted and ran Wind Update. The same problems happened. I reran the Fix it tool and the the same 2 issues reported 'not fixed' on the box that popped up. I printed the report and the report shows a green check mark but it says 'fixed'! The same problems happened when I ran Windows Update, I tried the Update again today and it hasn't changed. It says

Most recent check: Never  

Updated Installed: Never

 

ComboFix log:

 

 ComboFix 14-01-08.03 - gogo 01/11/2014  15:58:05.3.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1892 [GMT -8:00]
Running from: c:\users\gogo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii\1.3\background.html
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii\1.3\content.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii\1.3\G_hjatRGNdYa.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii\1.3\lsdb.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii\1.3\manifest.json
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii\1.3\sqlite.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa\1.0\background.html
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa\1.0\content.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa\1.0\lsdb.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa\1.0\manifest.json
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa\1.0\newtab.html
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa\1.0\Pp8H.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa\1.0\sqlite.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\AkqU_H.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\background.html
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\content.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\lsdb.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\manifest.json
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\sqlite.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn\1.0\background.html
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn\1.0\bemvUOIVaW.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn\1.0\content.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn\1.0\lsdb.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn\1.0\manifest.json
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn\1.0\newtab.html
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn\1.0\sqlite.js
c:\users\Daisy\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\AkqU_H.js
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\background.html
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\content.js
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\lsdb.js
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\manifest.json
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\sqlite.js
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_njnklmjlkbkemohmohhbfdlhedfokfin_0.localstorage-journal
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_njnklmjlkbkemohmohhbfdlhedfokfin_0.localstorage
c:\users\gogo\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\d81cayud2k@hccw.co.uk\bootstrap.js
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\d81cayud2k@hccw.co.uk\chrome.manifest
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\d81cayud2k@hccw.co.uk\content\bg.js
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\d81cayud2k@hccw.co.uk\install.rdf
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\ewn.4uoaa@gaeflcf-.co.uk\bootstrap.js
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\ewn.4uoaa@gaeflcf-.co.uk\chrome.manifest
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\ewn.4uoaa@gaeflcf-.co.uk\content\bg.js
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\ewn.4uoaa@gaeflcf-.co.uk\install.rdf
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\kei7xsml@mukic.com\bootstrap.js
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\kei7xsml@mukic.com\chrome.manifest
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\kei7xsml@mukic.com\content\bg.js
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\kei7xsml@mukic.com\install.rdf
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\vtn-uyeo@viq-i.com\bootstrap.js
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\vtn-uyeo@viq-i.com\chrome.manifest
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\vtn-uyeo@viq-i.com\content\bg.js
c:\users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\vtn-uyeo@viq-i.com\install.rdf
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-12 to 2014-01-12  )))))))))))))))))))))))))))))))
.
.
2014-01-12 00:08 . 2014-01-12 00:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-12 00:08 . 2014-01-12 00:08 -------- d-----w- c:\users\Kids\AppData\Local\temp
2014-01-12 00:08 . 2014-01-12 00:08 -------- d-----w- c:\users\gogo\AppData\Local\temp
2014-01-12 00:08 . 2014-01-12 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-12 00:08 . 2014-01-12 00:08 -------- d-----w- c:\users\Daisy\AppData\Local\temp
2014-01-11 00:50 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F87FA13E-078C-481E-A095-770FC8B1C3E6}\mpengine.dll
2014-01-10 00:31 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 15:51 . 2014-01-08 15:58 -------- d-----w- C:\AdwCleaner
2014-01-08 15:46 . 2014-01-08 15:46 -------- d-----w- C:\_OTL
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2014-01-04 01:20 . 2014-01-04 01:20 -------- d-----w- c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2009-10-02 17:19 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-22 04:38 . 2013-12-06 02:32 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A699D8-EF7F-4443-AAD3-0F551E284981}\gapaengine.dll
2013-10-22 04:38 . 2013-11-07 01:36 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
.
c:\users\Daisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DFX.lnk
backup=c:\windows\pss\DFX.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 05:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTCM Client]
2009-08-05 17:36 1596096 ----a-w- c:\program files\LTCM Client\ltcmClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 21:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 16:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-20 16:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-11-15 05:02 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ----a-w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ   wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ   WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-17 04:04 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 18:15]
.
2014-01-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-14 21:08]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 18:19]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 18:19]
.
2013-08-14 c:\windows\Tasks\HPCeeScheduleForKids.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
2014-01-08 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-14 21:07]
.
2013-05-14 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-14 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = 
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Exetender - c:\program files\Free Ride Games\GPlayer.exe
MSConfigStartUp-Facebook Update - c:\users\gogo\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-11 16:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
¿Fj¿Gj¿H [46065510] 0x00750541
¿Fj¿Gj¿H [46065510] 0x00360059
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\gogo\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Completion time: 2014-01-11  16:11:50
ComboFix-quarantined-files.txt  2014-01-12 00:11
ComboFix2.txt  2013-08-13 05:53
.
Pre-Run: 155,515,461,632 bytes free
Post-Run: 156,326,629,376 bytes free
.
- - End Of File - - 44B7137AB529D964EF82EC2EDE4278A3
588AE8F0C685C02BA11F30D9CD7E61A0
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
Let me know what to do next! 
-NoNo


#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 11 January 2014 - 08:57 PM

Hi NoNo,

bullseye_zpse9eaf36e.gif System File Checker (SFC)

  • Click on the Start button and in the Search programs and files box type the following:
    • command
  • Don't press Enter, just let the search results populate above.
  • In the search results, locate the Programs section.
  • Locate the Command Prompt shortcut and right-click on it.
  • Select Run as administrator.
  • Click Yes on the User Account Control window that appears.
  • Important: If you are see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
  • Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 for more information.
  • An elevated Command Prompt window will appear.
    • Type: sfc /scannow (There's a space between sfc and /scannow.) , then hit Enter
  • After the scan runs type exit to close the command prompt window

=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

Attempt to get Windows updates. If unsuccessful, please try this other Microsoft "Fix It".

bullseye_zpse9eaf36e.gif Reboot again

=========================

Try again to get Windows Updates. If you receive any error codes please include them in your next reply.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#13 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 13 January 2014 - 10:42 AM

I ran the System File Checker. It said it was "Beginning System Scan. This process could take some time."

Immediatly, the following message appeared on the checker:

"There is a system repair pending which requires reboot to complete. Restart and run sfc again."

 

So I rebooted and tried it again. I received the same message.  :wall:

 

I did not run the Microsoft Fix it tool yet.  

Ill wait for your instructions. :pepsi:

 

Thank you!



#14 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 January 2014 - 02:39 PM

Hi NoNo,

bullseye_zpse9eaf36e.gif Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "chkdsk /f" (make note of the space between chkdsk and /)
=========================

bullseye_zpse9eaf36e.gif To view results log:
  • Open the Start Menu, and type eventvwr.msc in the search box and press enter.
  • If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
  • In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
  • Copy and paste Chkdsk into the line, and click on Find Next.
  • You will now see the system log for the scan results of Check Disk (chkdsk).
  • In the right had menu select copy, open notepad and paste the chkdsk results into notepad
  • Post in your next reply.
=========================
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#15 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 15 January 2014 - 09:45 PM

Hi - I tried to run chkdsk /f and this is the message I received:

"The type of file system is NTFS. Cannot lock current drive.

Cannot run because the volume is in use by another process. Would you like to schedule the volume to be checked the next time the system restart? Y/N" 

I chose yes. Then after rebooting, I looked up the log file as instructed. The date on the log file was from Sept., 2013.

 

:wacko:

-NoNo


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users