Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91681 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

igfxsrvc.exe is blocking programs from running [Closed]


  • This topic is locked This topic is locked
29 replies to this topic

#1 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 26 July 2014 - 08:08 PM

I'm not really sure but the program in the topic pops up in task manager when I try to open certain programs mostly stock programs, and I have shopping ads all over my pages in chrome

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:59:54 PM, on 7/26/2014
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Safe mode with network support
 
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\JA\Downloads\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: pricechop - {3BE88511-B326-81BE-6942-856F42F52531} - C:\Program Files\pricechop\d_KgccFW0_.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE /EPT "EPLTarget\P0000000000000001" /M "WorkForce 545" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [SearchProtection] "C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: vseamps - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 11760 bytes
 

 

 

 

 


    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 July 2014 - 10:27 AM

Hi raymon823,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
bullseye_zpse9eaf36e.gif OTL

Download OTL to your desktop.

  • Make sure all other windows are closed and to let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.

=========================

In your next post please provide the following:


  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 28 July 2014 - 05:45 PM

 Results of screen317's Security Check version 0.99.86  
 Windows Vista  x86 (UAC is enabled)  
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Common Files Authentium AntiVirus5 vsedsps.exe 
 Common Files Authentium AntiVirus5 vseamps.exe 
 iolo Common Lib ioloServiceManager.exe 
 iolo System Mechanic Professional iologovernor.exe  
 iolo System Mechanic Professional System Shield ioloSSTray.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-28 18:35:40
-----------------------------
18:35:40.422    OS Version: Windows 6.0.6000 
18:35:40.422    Number of processors: 2 586 0xF0A
18:35:40.423    ComputerName: MALACHI-PC  UserName: JA
18:35:49.836    Initialize success
18:35:49.850    VM: initialized successfully
18:35:49.879    VM: Intel CPU BiosDisabled 
18:36:10.940    VM: disk I/O atapi.sys
18:42:31.321    AVAST engine defs: 14072802
18:42:39.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:42:39.581    Disk 0 Vendor: TOSHIBA_MK2035GSS DK022A Size: 190782MB BusType: 3
18:42:39.584    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000005c
18:42:39.587    Disk 1 Vendor: (  Size: 190782MB BusType: 0
18:42:39.590    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000005d
18:42:39.594    Disk 2 Vendor: (  Size: 190782MB BusType: 0
18:42:40.056    Disk 0 MBR read successfully
18:42:40.059    Disk 0 MBR scan
18:42:40.138    Disk 0 Windows VISTA default MBR code
18:42:40.163    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         7661 MB offset 2048
18:42:40.196    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       183119 MB offset 15693824
18:42:40.205    Disk 0 scanning sectors +390721968
18:42:40.856    Disk 0 scanning C:\Windows\system32\drivers
18:42:57.327    Service scanning
18:43:35.412    Modules scanning
18:44:08.182    Disk 0 trace - called modules:
18:44:08.206    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
18:44:08.212    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855d0608]
18:44:08.216    3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x84b3b548]
18:44:08.221    5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84b3b660]
18:44:09.373    AVAST engine scan C:\Windows
18:44:13.688    AVAST engine scan C:\Windows\system32
18:47:28.624    AVAST engine scan C:\Windows\system32\drivers
18:47:43.936    AVAST engine scan C:\Users\JA
19:01:09.904    AVAST engine scan C:\ProgramData
19:03:40.287    Scan finished successfully
19:25:20.342    Disk 0 MBR has been saved successfully to "C:\Users\JA\Desktop\MBR.dat"
19:25:20.370    The log file has been saved successfully to "C:\Users\JA\Desktop\aswMBR.txt"
 
 
 


#4 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 28 July 2014 - 06:14 PM

OTL logfile created on: 7/28/2014 7:48:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JA\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.32% Memory free
6.16 Gb Paging File | 3.32 Gb Available in Paging File | 53.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.83 Gb Total Space | 131.72 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
Drive F: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MALACHI-PC | User Name: JA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\JA\Desktop\aswMBR.exe (AVAST Software)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)
PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe (iolo technologies, LLC)
PRC - C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe (iolo technologies, LLC)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\JA\AppData\Local\Temp\5b8c8eba4ce2448494333f0484609844\filesys.dll ()
MOD - C:\Users\JA\AppData\Local\Temp\5b8c8eba4ce2448494333f0484609844\http.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\JA\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll ()
MOD - C:\Users\JA\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\cccf9e783368088a6d357cc45f446478\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Commtouch, Inc.)
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_05) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (nkrxvarp) -- C:\Windows\system32\drivers\nkrxvarp.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\JA\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswVmm) -- C:\Users\JA\AppData\Local\Temp\aswVmm.sys File not found
DRV - (aswMBR) -- C:\Users\JA\AppData\Local\Temp\aswMBR.sys File not found
DRV - (FileDisk) -- C:\Windows\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (PDFsFilter) -- C:\Windows\System32\drivers\PDFsFilter.sys (Raxco Software, Inc.)
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\ElRawDsk.sys (EldoS Corporation)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (AMP) -- C:\Windows\System32\drivers\amp.sys (Commtouch, Inc.)
DRV - (AMPSE) -- C:\Windows\System32\drivers\ampse.sys (Commtouch, Inc.)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NETwLv32) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (RT-USB) -- C:\Windows\System32\drivers\RT-USB.SYS (Ross-Tech LLC)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...7766181479&UM=2
IE - HKLM\..\SearchScopes\{D15ED2FC-3DD4-4C5E-9422-B92696D8B9E2}: "URL" = http://search.aol.co...ionType=sny_ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.adobe.com/offer/94603h [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {3EEB157E-417C-4087-9E33-639B3622F640}
IE - HKCU\..\SearchScopes\{3EEB157E-417C-4087-9E33-639B3622F640}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...7766181479&UM=2
IE - HKCU\..\SearchScopes\{D15ED2FC-3DD4-4C5E-9422-B92696D8B9E2}: "URL" = http://search.aol.co...ionType=sny_ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Spotify - Music for every moment = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit! = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: Google Wallet = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: No name found = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkpggjmfgipifpkfffffknfciiihilg\3.9\
CHR - Extension: AddThis - Share & Bookmark (old) = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pannmpobbfegpjngknbghelclaalbfob\2.0_0\
CHR - Extension: Gmail = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (pricechop) - {3BE88511-B326-81BE-6942-856F42F52531} - C:\Program Files\pricechop\d_KgccFW0_.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {45504E32-5637-006A-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [SearchProtection] C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\JA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A7B858-59F0-4E52-9C89-A89EF59ED55A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{024ec695-0047-11e4-84c2-001a803fae2e}\Shell - "" = AutoRun
O33 - MountPoints2\{024ec695-0047-11e4-84c2-001a803fae2e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\JA\AppData\Roaming\iolo\)
O34 - HKLM BootExecute: (sdnclean.exe)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (Ұ)
O34 - HKLM BootExecute: (K)
O34 - HKLM BootExecute: (<Product GUID="36ED6646-A91F-4078-8781-9F2EB056D706" Name="DriveScrubber">)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/28 18:25:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JA\Desktop\OTL.exe
[2014/07/28 18:20:42 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\JA\Desktop\aswMBR.exe
[2014/07/26 21:55:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/26 18:02:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/07/26 18:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/07/26 18:02:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/07/26 18:02:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2014/07/26 18:01:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/07/26 18:01:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/26 18:00:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/07/25 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/07/25 21:58:57 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/07/25 21:55:50 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Dropbox
[2014/07/25 19:28:47 | 036,818,984 | ---- | C] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/07/25 19:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/07/23 07:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/07/23 06:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/07/23 06:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/07/23 06:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/07/21 17:30:51 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2014/07/21 17:30:51 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014/07/21 16:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2014/07/21 16:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/07/21 16:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusted Publisher
[2014/07/21 16:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC_Booster
[2014/07/21 16:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\pricechop
[2014/07/21 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\pricechop
[2014/07/21 16:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\2041ed45e14bc565
[2014/07/21 16:10:51 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Torch
[2014/07/21 16:10:51 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Chromatic Browser
[2014/07/21 16:10:50 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Comodo
[2014/07/21 15:55:08 | 000,426,496 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Users\JA\Desktop\odin3 v1.85.exe
[2014/07/08 14:48:33 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Search Protection
[2014/06/29 11:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/06/29 11:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/06/28 21:45:02 | 000,851,176 | ---- | C] (Microsoft Corporation) -- C:\Users\JA\Desktop\winusbcoinstaller2.abc.dll
[2014/06/28 21:44:40 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Users\JA\Desktop\WdfCoInstaller01009.usb.dll
[2014/06/28 21:26:28 | 000,000,000 | ---D | C] -- C:\usb_driver
[2014/06/28 21:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\YiHiEcigar
[2014/06/28 21:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YiHi SXi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/28 19:44:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\SaveSense.job
[2014/07/28 19:41:41 | 000,000,558 | ---- | M] () -- C:\Users\JA\Desktop\MBR.zip
[2014/07/28 19:31:59 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/28 19:25:20 | 000,000,512 | ---- | M] () -- C:\Users\JA\Desktop\MBR.dat
[2014/07/28 19:19:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/28 19:07:46 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/28 19:07:46 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/28 18:25:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JA\Desktop\OTL.exe
[2014/07/28 18:24:24 | 000,000,408 | ---- | M] () -- C:\Windows\System32\iolo.ini
[2014/07/28 18:21:00 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\JA\Desktop\aswMBR.exe
[2014/07/28 18:17:17 | 000,854,390 | ---- | M] () -- C:\Users\JA\Desktop\SecurityCheck.exe
[2014/07/28 18:07:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/28 09:32:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/27 12:49:39 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/27 12:48:52 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/26 17:34:31 | 000,001,356 | ---- | M] () -- C:\Users\JA\AppData\Local\d3d9caps.dat
[2014/07/26 11:46:49 | 000,000,834 | ---- | M] () -- C:\Users\JA\Desktop\Norton Installation Files.lnk
[2014/07/25 21:58:13 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/25 19:29:12 | 036,818,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/07/23 07:00:02 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/23 06:45:15 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/21 19:28:16 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/21 19:28:16 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/21 16:17:55 | 000,000,196 | ---- | M] () -- C:\Users\JA\Desktop\USB_Drivers_1.5.27.0.exe
[2014/07/21 16:12:30 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/07/21 15:53:24 | 010,700,862 | ---- | M] () -- C:\Users\JA\Desktop\philz_touch_6.26.2-klte.tar.md5
[2014/07/21 15:53:20 | 001,206,230 | ---- | M] () -- C:\Users\JA\Desktop\UPDATE-SuperSU-v1.94.zip
[2014/07/21 15:50:34 | 000,203,289 | ---- | M] () -- C:\Users\JA\Desktop\Odin3v185.zip
[2014/07/17 20:57:22 | 016,302,088 | ---- | M] () -- C:\Users\JA\Desktop\show_6550689.mp3
[2014/07/17 20:33:52 | 000,000,000 | ---- | M] () -- C:\Users\JA\Desktop\grudge-incorporated-talk-radio-6578525.mp3
[2014/07/11 15:58:56 | 000,001,614 | ---- | M] () -- C:\Users\JA\Desktop\Calculator.lnk
[2014/07/08 14:48:22 | 000,000,754 | ---- | M] () -- C:\Users\JA\Desktop\µTorrent.lnk
[2014/07/08 14:48:22 | 000,000,734 | ---- | M] () -- C:\Users\JA\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/08 14:19:34 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/07/08 14:19:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/07/01 17:23:51 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/06/30 18:15:34 | 000,069,449 | ---- | M] () -- C:\Users\JA\Desktop\SX350_3KEY_YH_Logo_20140626_Support_old_bootloader_V2.0.SXI
[2014/06/29 21:14:20 | 000,069,449 | ---- | M] () -- C:\Users\JA\Desktop\SX350_3kEY_YH_Log_20140626_Support_old_bootloader_V2.0 (1).SXI
[2014/06/29 11:22:08 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/29 11:22:08 | 000,001,919 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/06/28 21:45:59 | 000,007,223 | ---- | M] () -- C:\Users\JA\Desktop\winusbcompat.cat
[2014/06/28 21:45:24 | 000,006,566 | ---- | M] () -- C:\Users\JA\Desktop\YiHiEcigar Device Driver_For Windows XP and 7.inf
[2014/06/28 21:44:57 | 000,851,176 | ---- | M] (Microsoft Corporation) -- C:\Users\JA\Desktop\winusbcoinstaller2.abc.dll
[2014/06/28 21:44:36 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Users\JA\Desktop\WdfCoInstaller01009.usb.dll
[2014/06/28 21:44:13 | 000,004,096 | ---- | M] () -- C:\Users\JA\Desktop\_winusbcoinstaller2.abc.dll
[2014/06/28 21:43:50 | 000,004,096 | ---- | M] () -- C:\Users\JA\Desktop\_WdfCoInstaller01009.usb.dll
[2014/06/28 21:25:17 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\SXi.lnk
[2014/06/28 20:59:55 | 054,617,600 | ---- | M] () -- C:\Users\JA\Desktop\YiHi SXi Setup-v20140613-1135.msi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/28 19:41:41 | 000,000,558 | ---- | C] () -- C:\Users\JA\Desktop\MBR.zip
[2014/07/28 19:25:20 | 000,000,512 | ---- | C] () -- C:\Users\JA\Desktop\MBR.dat
[2014/07/28 18:17:14 | 000,854,390 | ---- | C] () -- C:\Users\JA\Desktop\SecurityCheck.exe
[2014/07/27 12:48:51 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2014/07/26 18:02:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/07/26 18:02:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/07/26 18:02:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/07/26 18:02:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/26 18:02:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/23 07:00:02 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/21 16:16:40 | 000,000,196 | ---- | C] () -- C:\Users\JA\Desktop\USB_Drivers_1.5.27.0.exe
[2014/07/21 15:55:08 | 000,000,182 | ---- | C] () -- C:\Users\JA\Desktop\Odin3.ini
[2014/07/21 15:53:31 | 010,700,862 | ---- | C] () -- C:\Users\JA\Desktop\philz_touch_6.26.2-klte.tar.md5
[2014/07/21 15:53:27 | 001,206,230 | ---- | C] () -- C:\Users\JA\Desktop\UPDATE-SuperSU-v1.94.zip
[2014/07/21 15:53:23 | 000,203,289 | ---- | C] () -- C:\Users\JA\Desktop\Odin3v185.zip
[2014/07/17 21:16:30 | 016,302,088 | ---- | C] () -- C:\Users\JA\Desktop\show_6550689.mp3
[2014/07/17 20:33:48 | 000,000,000 | ---- | C] () -- C:\Users\JA\Desktop\grudge-incorporated-talk-radio-6578525.mp3
[2014/07/11 15:58:56 | 000,001,614 | ---- | C] () -- C:\Users\JA\Desktop\Calculator.lnk
[2014/06/30 18:15:41 | 000,069,449 | ---- | C] () -- C:\Users\JA\Desktop\SX350_3KEY_YH_Logo_20140626_Support_old_bootloader_V2.0.SXI
[2014/06/29 21:14:25 | 000,069,449 | ---- | C] () -- C:\Users\JA\Desktop\SX350_3kEY_YH_Log_20140626_Support_old_bootloader_V2.0 (1).SXI
[2014/06/29 11:22:08 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/29 11:22:03 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/06/28 21:46:03 | 000,007,223 | ---- | C] () -- C:\Users\JA\Desktop\winusbcompat.cat
[2014/06/28 21:45:29 | 000,006,566 | ---- | C] () -- C:\Users\JA\Desktop\YiHiEcigar Device Driver_For Windows XP and 7.inf
[2014/06/28 21:44:20 | 000,004,096 | ---- | C] () -- C:\Users\JA\Desktop\_winusbcoinstaller2.abc.dll
[2014/06/28 21:43:57 | 000,004,096 | ---- | C] () -- C:\Users\JA\Desktop\_WdfCoInstaller01009.usb.dll
[2014/06/28 21:25:16 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\SXi.lnk
[2014/06/28 21:00:08 | 054,617,600 | ---- | C] () -- C:\Users\JA\Desktop\YiHi SXi Setup-v20140613-1135.msi
[2014/06/26 12:19:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/06/16 21:04:10 | 001,030,676 | ---- | C] () -- C:\Program Files\Navi-X-v37_8.zip
[2014/04/26 16:47:05 | 000,001,356 | ---- | C] () -- C:\Users\JA\AppData\Local\d3d9caps.dat
[2014/04/26 09:43:42 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini
[2014/04/25 21:28:28 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2013/12/13 16:11:23 | 000,000,079 | ---- | C] () -- C:\Windows\EWF545.ini
[2013/11/23 21:27:47 | 000,000,292 | ---- | C] () -- C:\Windows\EReg077.dat
[2013/11/23 21:26:02 | 000,000,058 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2013/11/23 12:37:45 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2013/11/23 12:33:27 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2013/11/23 12:22:08 | 001,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2013/11/06 16:42:12 | 000,005,360 | ---- | C] () -- C:\Windows\System32\AdpeakProxy.ini
[2013/11/06 16:32:48 | 000,002,312 | ---- | C] () -- C:\Windows\System32\AdpeakProxyOff.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 23:50:29 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/11/23 23:36:47 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/07/25 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Dropbox
[2014/05/07 17:08:06 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Epson
[2014/06/26 08:48:04 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\iolo
[2014/04/26 09:39:51 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\ioloGovernor
[2013/12/13 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Leadertech
[2014/07/25 20:44:42 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\newnext.me
[2014/03/10 07:16:21 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Oracle
[2014/01/05 00:44:22 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\SaveSense
[2014/07/08 14:48:33 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Search Protection
[2014/07/14 07:23:51 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\Spotify
[2014/06/26 10:44:09 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\SystemRequirementsLab
[2014/07/28 19:52:43 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\uTorrent
[2014/07/09 22:00:27 | 000,000,000 | ---D | M] -- C:\Users\JA\AppData\Roaming\XBMC
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2013/11/23 23:47:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2013/11/23 23:47:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2013/11/23 23:47:39 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2013/11/23 23:47:39 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2014/04/25 14:13:48 | 004,818,904 | ---- | M] (Safer-Networking Ltd.) MD5=CFA31529D7102F09309DDCDD223449AE -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2013/11/23 23:47:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\System32\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true >
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
========== Base Services ==========
SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006/11/02 05:46:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2006/11/02 05:44:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2013/11/23 22:31:20 | 000,750,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2006/11/02 05:46:02 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/11/23 23:45:18 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2013/12/02 18:57:10 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2006/11/02 05:46:02 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2006/11/02 05:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2013/11/23 23:36:51 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2006/11/02 05:46:03 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2013/11/23 23:25:35 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2006/11/02 05:46:04 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2006/11/02 05:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2006/11/02 05:46:05 | 000,286,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2013/11/24 00:13:00 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2006/11/02 05:46:13 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2006/11/02 05:46:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2006/11/02 05:46:11 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2006/11/02 05:46:11 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2006/11/02 05:46:11 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2006/11/02 05:46:12 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2013/11/23 23:38:22 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2006/11/02 05:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/11/23 23:45:18 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2006/11/02 08:34:35 | 000,560,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006/11/02 05:46:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2006/11/02 05:46:12 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2013/11/23 23:36:51 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2006/11/02 05:46:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/11/23 23:45:18 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2006/11/02 08:35:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2006/11/02 05:46:13 | 000,121,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2006/11/02 05:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2007/08/24 20:39:59 | 002,605,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2013/11/23 23:38:16 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2006/11/02 05:46:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2006/11/02 05:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2006/11/02 05:46:12 | 000,152,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2006/11/02 05:45:51 | 000,924,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2006/11/02 05:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2006/11/02 05:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2006/11/02 08:36:16 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2007/08/24 20:39:13 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 05:46:13 | 000,989,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2007/08/24 20:43:42 | 000,396,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2006/11/02 08:34:41 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2006/11/02 05:45:26 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2006/11/02 05:46:14 | 000,161,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2006/11/02 05:46:16 | 001,568,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2006/11/02 05:46:04 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2013/11/24 00:09:49 | 000,502,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2013/11/23 23:57:21 | 000,156,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK2035GSS ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - 
Interface type: 
Media Type: 
Model: MemoryStick0 Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 - 
Interface type: 
Media Type: 
Model: SD1 Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 179.00GB
Starting Offset: 8035237888
Hidden sectors: 0
 
 
< End of report >
 
 

OTL Extras logfile created on: 7/28/2014 7:48:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JA\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.32% Memory free
6.16 Gb Paging File | 3.32 Gb Available in Paging File | 53.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.83 Gb Total Space | 131.72 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
Drive F: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MALACHI-PC | User Name: JA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E5B0F92-DF68-4D64-857D-835841120EB5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1DC52703-A645-44B2-B4E8-43B3ABA5C40A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27B3E4BC-CF69-4853-9045-0449F1A23DC5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2BBC46C5-2653-4E5E-88E0-C7E673646017}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31CC533D-8607-4382-8CC6-D1234C8B2792}" = lport=139 | protocol=6 | dir=in | app=system | 
"{48F4FA66-A148-4A6C-B944-CA07EFEED346}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4ABBC0F6-2BC6-46E7-BAE6-B88E7C4F381D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5111B1AE-9FEC-4DAF-ACBF-41CB06A3E2F8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{61568BE0-B3E0-465A-A022-52DA81F5A574}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{6908F1A1-761F-4988-B8F6-1C2FCF6CBD6D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6A595D86-708C-4E59-BBDB-71104C09BA45}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F4B68D6-23A9-4ADF-8CC4-84E96397288B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{84EEEE6D-BE67-49F2-A086-B9055B09F75A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9E46F696-7FF5-4E24-93FA-9E62D95CB671}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ACA00CFA-8A20-46A3-A30D-3215FA1AFCEB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CA1C7324-812A-4114-8661-C316B1C509BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D685E640-DB28-44A2-AE33-4CF4CD85B890}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D69D185F-716B-44A6-8EDA-21F05F701D9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F2AEDCA7-C515-45B2-B199-8E254A8B85AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F823930B-420E-47CA-ADF2-AC5C33F1C771}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{135CA2F5-F78A-4ED1-8FE9-639D76D98629}" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe | 
"{1654C333-3D16-4989-B0D3-32534605423D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{24D6E977-9D39-4AF5-AC26-EE08D89A72DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31D52F28-E38B-41DB-8518-EB87E00098A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{330D4E74-6143-4C9E-8E76-B16D662369C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{35C6DA2B-57F5-490F-BB1C-7BD060B6CC19}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4B89D9C7-0082-41BC-8FCF-BD02B03CE63F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5ED1125D-EBF0-44CD-911A-1D52801239BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6E523B4C-3E7C-4BED-ABB3-A381A594CA2B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7A7F9325-BDCB-447E-9079-7F4CBB1F566E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7B307A5D-49F7-404B-8EAE-FB8B35CF07BD}" = protocol=6 | dir=out | app=system | 
"{7F6AEDAF-FBB2-4054-93FF-9C1880EE8E1E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{87739FD6-DA3E-472B-85FC-5309BD49EF4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89EA0DE0-EE8C-4A1F-B2A2-434A49880867}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{8DEA68B7-B99E-4B9B-BA44-5F010D638564}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{91290ED8-331D-49FA-A70E-D7B149A7AB79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A8E41BE1-0EC9-4C14-96D7-BFF11189F0C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9C89538-64B4-466E-A030-FA6863A3636B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B057F32F-D2B9-4CAE-8AAA-23FC18D3F2E3}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe | 
"{B1ABFC9C-1A10-4355-9625-41853C111AE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B98E92C8-B261-4C6D-B4FA-6638C8912817}" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CB9413CF-64D8-4E99-B4BC-CE0F6A4F5432}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D11A8809-A5A7-4CBC-8513-D75721434497}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF0070DB-2E53-44AF-A7D1-F9F4B0988D74}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E999595B-2611-47B9-A23A-983E218C9BDE}" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe | 
"{EE839B70-A74D-4F76-9602-B79B36C3BEFF}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe | 
"{F45380A7-DC69-4EB7-92E4-91B2032A3830}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F8157235-999D-4187-B84C-05E86B0FFB8F}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe | 
"{FDDEEE1D-85E4-4139-89C9-42D82284E716}" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{2562908E-C3FC-4F9B-949B-67BEFDF2DDD2}C:\users\ja\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{46104669-E7DE-43D8-8BE9-D04C48A11CF9}C:\users\ja\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{548586BF-E1B5-4AD0-B7B4-3BBBFB2F7E5D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{769C7F4E-972B-45D8-9EFA-A6D625AA2202}C:\users\ja\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{94491450-CEEC-4423-AA6D-048B6EF2B4C8}C:\program files\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files\xbmc\xbmc.exe | 
"TCP Query User{B4B89A56-93EB-4C31-882C-8ECE0EFD695E}C:\users\ja\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ja\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{E0B7CE55-CCED-410C-99D7-938AA49DDD18}C:\program files\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files\xbmc\xbmc.exe | 
"TCP Query User{E43FDD0D-279E-460B-9F2E-433A51A13AE7}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{3A6B3317-71B5-4270-B8B8-D7F19164E965}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8E06CD04-6F71-4B8E-9BBF-97808D1054D8}C:\users\ja\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{960CA55C-CDF7-402B-B689-8744E17089CD}C:\users\ja\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{969F3E08-EC04-4E48-875B-A7251ABC1BBF}C:\users\ja\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{9F36B833-BB71-4AE4-AF13-24D823E2B1FD}C:\users\ja\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\ja\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{AB2FD7D9-86E4-4A52-AEA8-12499F9D9B75}C:\program files\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files\xbmc\xbmc.exe | 
"UDP Query User{BD744AF9-672E-47EA-87C5-9CA3700E767B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{CFBD8031-DF6B-49B5-80CE-6AAE41AC820E}C:\program files\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files\xbmc\xbmc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper
"{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}" = System Requirements Lab for Intel
"{0A37EE62-9A58-420D-90CC-4E52153112EE}" = iTunes
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE
"{1E5E7177-5156-4541-B8D5-B0C7E9064329}" = System Mechanic 12 Professional
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
"{235915A8-1C0D-4920-95EA-FE8B773E5F57}" = VAIO Teal Whisper Wallpaper
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{286B09BC-F9BD-4F71-B767-2AE0CE2F8CE5}" = ScorpionSaver Services
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{359DF682-BC8F-429D-AB6D-3C8002099F38}" = VAIO Content Metadata Intelligent Analyzing Manager
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer  VAIO Content Exporter
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{32148148}" = PC_Sustainer 1.80
"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{638BAD93-701B-482A-86C6-72DFF3E6FE51}" = 
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7D716354-2C08-48DC-9AC5-957348048817}" = VAIO Help And Support
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}" = Apple Mobile Device Support
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9B4D16A7-393F-470C-8B9F-74AE1EA6C105}" = LeapFrog Connect
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B59B3DA8-06F8-4B4C-AE94-5180753EF108}" = VAIO Floral Dusk Wallpaper
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{BFB2410B-5DB8-4FA6-BC75-65A1DECD55B5}" = YiHi SXi
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E58AB36F-9D50-4969-9228-AC24270741BF}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FC161371-B8B2-4BA7-97F7-82319C76333E}" = LeapFrog Tag Junior Plugin
"{FDB962F0-B5B8-9460-D12F-7966E97BAA43}" = pricechop
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Crackle Screen Saver_is1" = Crackle Screen Saver 1.0
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 545 Series" = EPSON WorkForce 545 Series Printer Uninstall
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"UPCShell" = LeapFrog Connect
"VAIO Service Utility" = VAIO Service Utility
"VCDS Release 12.12" = VCDS Release 12.12.2
"WinRAR archiver" = WinRAR 5.10 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Search Protection" = Search Protection
"Spotify" = Spotify
"uTorrent" = µTorrent
"XBMC" = XBMC
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/28/2014 11:25:27 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5148
 
Error - 7/28/2014 11:25:28 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/28/2014 11:25:28 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6178
 
Error - 7/28/2014 11:25:28 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6178
 
Error - 7/28/2014 11:25:29 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/28/2014 11:25:29 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7192
 
Error - 7/28/2014 11:25:29 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7192
 
Error - 7/28/2014 11:25:30 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/28/2014 11:25:30 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8222
 
Error - 7/28/2014 11:25:30 AM | Computer Name = Malachi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8222
 
[ iolo Applications Events ]
Error - 6/17/2014 4:04:56 AM | Computer Name = Malachi-PC | Source = System Shield | ID = 20
Description = Failed to install DAT file C:\ProgramData\iolo\System Shield\antivir-i-201406162210.cab
 
Error
 message: Unspecified error
 
Error - 6/17/2014 6:15:55 PM | Computer Name = Malachi-PC | Source = Service Manager | ID = 1
Description = Exception occured on service shutdown   Error message: System Error. 
 Code: 1115.  A system shutdown is in progress
 
Error - 6/17/2014 7:22:11 PM | Computer Name = Malachi-PC | Source = System Shield | ID = 11
Description = The definition downloading job failed.   Job name: Defs update   Error code:
 -2147012894
 
[ System Events ]
Error - 5/11/2014 8:55:59 AM | Computer Name = Malachi-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 5/11/2014 8:56:20 AM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 5/11/2014 8:56:20 AM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 5/11/2014 8:56:20 AM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 5/11/2014 8:56:26 AM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 5/11/2014 8:56:44 AM | Computer Name = Malachi-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 5/14/2014 5:48:00 PM | Computer Name = Malachi-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 5/15/2014 8:50:20 AM | Computer Name = Malachi-PC | Source = WPDMTPDriver | ID = 80836
Description = 
 
Error - 5/15/2014 9:01:10 AM | Computer Name = Malachi-PC | Source = WPDMTPDriver | ID = 80836
Description = 
 
Error - 5/15/2014 9:05:18 AM | Computer Name = Malachi-PC | Source = WPDMTPDriver | ID = 80836
Description = 
 
 
< End of report >
 


#5 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 July 2014 - 10:17 PM

Hi raymon823,

Did you run ComboFix on 07/26/2104?
What Anti-Virus program are you using?
Is there any particular reason why you don't have either Vista Service Pack 1 & 2 (SP1 & 2) installed?

=========================

bullseye_zpse9eaf36e.gif Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    PRC - C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...7766181479&UM=2
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...7766181479&UM=2
    O2 - BHO: (pricechop) - {3BE88511-B326-81BE-6942-856F42F52531} - C:\Program Files\pricechop\d_KgccFW0_.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {45504E32-5637-006A-76A7-7A786E7484D7} - No CLSID value found.
    O4 - HKCU..\Run: [SearchProtection] C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    O4 - HKCU..\Run: [uTorrent] C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    [2014/07/21 16:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\pricechop
    [2014/07/21 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\pricechop
    [2014/07/08 14:48:33 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Search Protection
    
    :Files
    C:\Windows\system32\drivers\nkrxvarp.sys
    C:\Users\JA\AppData\Roaming\uTorrent
    
    :Services
    nkrxvarp
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

In your next post please provide the following:


  • Answer to my questions
  • OTL fix log
  • Fresh OTL.txt
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#6 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 29 July 2014 - 01:02 PM

Yes I did run combo fix, I did have avast antivirus free version. I have noton 360 but this pc is missing the serice pacs needed.  As far as why they are missing Im not sure, I have automatic updates on but its not working.  The last time I installed them manually something went wrong and I had to wipe my hard drive and start from scratch.

 

OTL logfile created on: 7/29/2014 2:48:16 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JA\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.49% Memory free
6.16 Gb Paging File | 3.98 Gb Available in Paging File | 64.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.83 Gb Total Space | 130.01 Gb Free Space | 72.70% Space Free | Partition Type: NTFS
Drive F: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MALACHI-PC | User Name: JA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe (iolo technologies, LLC)
PRC - C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe (iolo technologies, LLC)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\JA\AppData\Local\Temp\942f6db57367433cbed3cd47a81da550\filesys.dll ()
MOD - C:\Users\JA\AppData\Local\Temp\942f6db57367433cbed3cd47a81da550\http.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Commtouch, Inc.)
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_05) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\JA\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (FileDisk) -- C:\Windows\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (PDFsFilter) -- C:\Windows\System32\drivers\PDFsFilter.sys (Raxco Software, Inc.)
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\ElRawDsk.sys (EldoS Corporation)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (AMP) -- C:\Windows\System32\drivers\amp.sys (Commtouch, Inc.)
DRV - (AMPSE) -- C:\Windows\System32\drivers\ampse.sys (Commtouch, Inc.)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NETwLv32) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (RT-USB) -- C:\Windows\System32\drivers\RT-USB.SYS (Ross-Tech LLC)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKLM\..\SearchScopes\{D15ED2FC-3DD4-4C5E-9422-B92696D8B9E2}: "URL" = http://search.aol.co...ionType=sny_ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.adobe.com/offer/94603h [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {3EEB157E-417C-4087-9E33-639B3622F640}
IE - HKCU\..\SearchScopes\{3EEB157E-417C-4087-9E33-639B3622F640}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{D15ED2FC-3DD4-4C5E-9422-B92696D8B9E2}: "URL" = http://search.aol.co...ionType=sny_ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Spotify - Music for every moment = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit! = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: Google Wallet = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: No name found = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkpggjmfgipifpkfffffknfciiihilg\3.9\
CHR - Extension: AddThis - Share & Bookmark (old) = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pannmpobbfegpjngknbghelclaalbfob\2.0_0\
CHR - Extension: Gmail = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\JA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A7B858-59F0-4E52-9C89-A89EF59ED55A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{024ec695-0047-11e4-84c2-001a803fae2e}\Shell - "" = AutoRun
O33 - MountPoints2\{024ec695-0047-11e4-84c2-001a803fae2e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\JA\AppData\Roaming\iolo\)
O34 - HKLM BootExecute: (sdnclean.exe)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (Ұ)
O34 - HKLM BootExecute: (K)
O34 - HKLM BootExecute: (<Product GUID="36ED6646-A91F-4078-8781-9F2EB056D706" Name="DriveScrubber">)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/29 06:50:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/28 18:25:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JA\Desktop\OTL.exe
[2014/07/28 18:20:42 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\JA\Desktop\aswMBR.exe
[2014/07/26 21:55:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/26 18:02:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/07/26 18:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/07/26 18:02:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/07/26 18:02:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2014/07/26 18:01:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/07/26 18:01:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/26 18:00:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/07/25 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/07/25 21:58:57 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/07/25 21:55:50 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Dropbox
[2014/07/25 19:28:47 | 036,818,984 | ---- | C] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/07/25 19:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/07/23 07:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/07/23 06:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/07/23 06:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/07/23 06:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/07/21 17:30:51 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2014/07/21 17:30:51 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014/07/21 16:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2014/07/21 16:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/07/21 16:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusted Publisher
[2014/07/21 16:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC_Booster
[2014/07/21 16:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\2041ed45e14bc565
[2014/07/21 16:10:51 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Torch
[2014/07/21 16:10:51 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Chromatic Browser
[2014/07/21 16:10:50 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Comodo
[2014/07/21 15:55:08 | 000,426,496 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Users\JA\Desktop\odin3 v1.85.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/29 14:43:59 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\SaveSense.job
[2014/07/29 14:32:44 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/29 14:32:14 | 000,000,408 | ---- | M] () -- C:\Windows\System32\iolo.ini
[2014/07/29 14:32:09 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/29 14:32:09 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/29 14:31:37 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/29 14:31:37 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/29 14:31:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/29 14:31:18 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/29 13:18:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/28 19:41:41 | 000,000,558 | ---- | M] () -- C:\Users\JA\Desktop\MBR.zip
[2014/07/28 19:25:20 | 000,000,512 | ---- | M] () -- C:\Users\JA\Desktop\MBR.dat
[2014/07/28 18:25:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JA\Desktop\OTL.exe
[2014/07/28 18:21:00 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\JA\Desktop\aswMBR.exe
[2014/07/28 18:17:17 | 000,854,390 | ---- | M] () -- C:\Users\JA\Desktop\SecurityCheck.exe
[2014/07/26 17:34:31 | 000,001,356 | ---- | M] () -- C:\Users\JA\AppData\Local\d3d9caps.dat
[2014/07/26 11:46:49 | 000,000,834 | ---- | M] () -- C:\Users\JA\Desktop\Norton Installation Files.lnk
[2014/07/25 21:58:13 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/25 19:29:12 | 036,818,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/07/23 07:00:02 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/23 06:45:15 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/21 19:28:16 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/21 19:28:16 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/21 16:17:55 | 000,000,196 | ---- | M] () -- C:\Users\JA\Desktop\USB_Drivers_1.5.27.0.exe
[2014/07/21 16:12:30 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/07/21 15:53:24 | 010,700,862 | ---- | M] () -- C:\Users\JA\Desktop\philz_touch_6.26.2-klte.tar.md5
[2014/07/21 15:53:20 | 001,206,230 | ---- | M] () -- C:\Users\JA\Desktop\UPDATE-SuperSU-v1.94.zip
[2014/07/21 15:50:34 | 000,203,289 | ---- | M] () -- C:\Users\JA\Desktop\Odin3v185.zip
[2014/07/17 20:57:22 | 016,302,088 | ---- | M] () -- C:\Users\JA\Desktop\show_6550689.mp3
[2014/07/17 20:33:52 | 000,000,000 | ---- | M] () -- C:\Users\JA\Desktop\grudge-incorporated-talk-radio-6578525.mp3
[2014/07/11 15:58:56 | 000,001,614 | ---- | M] () -- C:\Users\JA\Desktop\Calculator.lnk
[2014/07/08 14:48:22 | 000,000,734 | ---- | M] () -- C:\Users\JA\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/08 14:19:34 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/07/08 14:19:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/07/01 17:23:51 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/06/30 18:15:34 | 000,069,449 | ---- | M] () -- C:\Users\JA\Desktop\SX350_3KEY_YH_Logo_20140626_Support_old_bootloader_V2.0.SXI
[2014/06/29 21:14:20 | 000,069,449 | ---- | M] () -- C:\Users\JA\Desktop\SX350_3kEY_YH_Log_20140626_Support_old_bootloader_V2.0 (1).SXI
 
========== Files Created - No Company Name ==========
 
[2014/07/28 19:41:41 | 000,000,558 | ---- | C] () -- C:\Users\JA\Desktop\MBR.zip
[2014/07/28 19:25:20 | 000,000,512 | ---- | C] () -- C:\Users\JA\Desktop\MBR.dat
[2014/07/28 18:17:14 | 000,854,390 | ---- | C] () -- C:\Users\JA\Desktop\SecurityCheck.exe
[2014/07/27 12:48:51 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2014/07/26 18:02:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/07/26 18:02:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/07/26 18:02:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/07/26 18:02:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/26 18:02:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/23 07:00:02 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/21 16:16:40 | 000,000,196 | ---- | C] () -- C:\Users\JA\Desktop\USB_Drivers_1.5.27.0.exe
[2014/07/21 15:55:08 | 000,000,182 | ---- | C] () -- C:\Users\JA\Desktop\Odin3.ini
[2014/07/21 15:53:31 | 010,700,862 | ---- | C] () -- C:\Users\JA\Desktop\philz_touch_6.26.2-klte.tar.md5
[2014/07/21 15:53:27 | 001,206,230 | ---- | C] () -- C:\Users\JA\Desktop\UPDATE-SuperSU-v1.94.zip
[2014/07/21 15:53:23 | 000,203,289 | ---- | C] () -- C:\Users\JA\Desktop\Odin3v185.zip
[2014/07/17 21:16:30 | 016,302,088 | ---- | C] () -- C:\Users\JA\Desktop\show_6550689.mp3
[2014/07/17 20:33:48 | 000,000,000 | ---- | C] () -- C:\Users\JA\Desktop\grudge-incorporated-talk-radio-6578525.mp3
[2014/07/11 15:58:56 | 000,001,614 | ---- | C] () -- C:\Users\JA\Desktop\Calculator.lnk
[2014/06/30 18:15:41 | 000,069,449 | ---- | C] () -- C:\Users\JA\Desktop\SX350_3KEY_YH_Logo_20140626_Support_old_bootloader_V2.0.SXI
[2014/06/29 21:14:25 | 000,069,449 | ---- | C] () -- C:\Users\JA\Desktop\SX350_3kEY_YH_Log_20140626_Support_old_bootloader_V2.0 (1).SXI
[2014/06/26 12:19:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/06/16 21:04:10 | 001,030,676 | ---- | C] () -- C:\Program Files\Navi-X-v37_8.zip
[2014/04/26 16:47:05 | 000,001,356 | ---- | C] () -- C:\Users\JA\AppData\Local\d3d9caps.dat
[2014/04/26 09:43:42 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini
[2014/04/25 21:28:28 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2013/12/13 16:11:23 | 000,000,079 | ---- | C] () -- C:\Windows\EWF545.ini
[2013/11/23 21:27:47 | 000,000,292 | ---- | C] () -- C:\Windows\EReg077.dat
[2013/11/23 21:26:02 | 000,000,058 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2013/11/23 12:37:45 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2013/11/23 12:33:27 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2013/11/23 12:22:08 | 001,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2013/11/06 16:42:12 | 000,005,360 | ---- | C] () -- C:\Windows\System32\AdpeakProxy.ini
[2013/11/06 16:32:48 | 000,002,312 | ---- | C] () -- C:\Windows\System32\AdpeakProxyOff.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 23:50:29 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/11/23 23:36:47 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
 

All processes killed
========== OTL ==========
No active process named uTorrent.exe was found!
No active process named SearchProtection.exe was found!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BE88511-B326-81BE-6942-856F42F52531}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BE88511-B326-81BE-6942-856F42F52531}\ not found.
File C:\PROGRAM Files\pricechop\d_KgccFW0_.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{45504E32-5637-006A-76A7-7A786E7484D7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45504E32-5637-006A-76A7-7A786E7484D7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.
File C:\Users\JA\AppData\Roaming\Search Protection\SearchProtection.EXE not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.
File C:\Users\JA\AppData\Roaming\uTorrent\uTorrent.exe not found.
Folder C:\ProgramData\pricechop\ not found.
Folder C:\PROGRAM Files\pricechop\ not found.
Folder C:\Users\JA\AppData\Roaming\Search Protection\ not found.
========== FILES ==========
File\Folder C:\Windows\system32\DRIVERS\nkrxvarp.sys not found.
File\Folder C:\Users\JA\AppData\Roaming\uTorrent not found.
========== SERVICES/DRIVERS ==========
Error: No service named nkrxvarp was found to stop!
Service\Driver key nkrxvarp not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: ASPNET
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
 
User: JA
->Temp folder emptied: 344634 bytes
->Temporary Internet Files folder emptied: 38897 bytes
->Java cache emptied: 490153 bytes
->Google Chrome cache emptied: 10315653 bytes
->Flash cache emptied: 1267 bytes
 
User: Malachi
->Temp folder emptied: 312410 bytes
->Temporary Internet Files folder emptied: 6939470 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 225742578 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1243018 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 262144 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 234.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07292014_142834
 
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\fb_1344.lck not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
Computer seems to be back to normal, im not getting crazy pop ups at the moment


#7 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 29 July 2014 - 06:59 PM

Hi raymon823,
 

Yes I did run combo fix

ComboFix Warning
You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

With that being said, I need to see the log if you still have it.

= = = = = = = = = = = = = = = = = = = =



Computer seems to be back to normal, im not getting crazy pop ups at the moment

It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :thumbup:

= = = = = = = = = = = = = = = = = = = =

bullseye_zpse9eaf36e.gif AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

bullseye_zpse9eaf36e.gif Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

In your next post please provide the following:


  • AdwCleaner[S0].txt
  • JRT.txt
  • How is the computer running at the moment, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#8 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 30 July 2014 - 01:47 PM

# AdwCleaner v3.301 - Report created 30/07/2014 at 15:11:16
# Updated 28/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : JA - MALACHI-PC
# Running from : C:\Users\JA\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\SaveSenseLive
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\SaveSenseLive
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\ASPNET\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\ASPNET\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\JA\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\JA\AppData\Local\genienext
Folder Deleted : C:\Users\JA\AppData\Local\Mobogenie
Folder Deleted : C:\Users\JA\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\JA\AppData\Local\SaveSenseLive
Folder Deleted : C:\Users\JA\AppData\Local\torch
Folder Deleted : C:\Users\JA\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JA\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\JA\AppData\Roaming\SaveSense
Folder Deleted : C:\Users\JA\Documents\Mobogenie
Folder Deleted : C:\Users\Malachi\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Malachi\AppData\Local\torch
File Deleted : C:\Windows\system32\AdpeakProxy.ini
File Deleted : C:\Windows\system32\AdpeakProxyOff.ini
File Deleted : C:\Users\JA\daemonprocess.txt
File Deleted : C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal
File Deleted : C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{32148148}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SaveSenseLive
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Adpeak, Inc.
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\Scorpion Saver
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : khcceooakamlehbimaepcldnnlnkcmfk
 
[ File : C:\Users\Malachi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&amp;o=15527&amp;l=dis&amp;prt=360&amp;chn=retail&amp;geo=US&amp;ver=6&gct=sb&qsrc=2869
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=61008
Deleted [Startup_urls] : hxxp://search.gboxapp.com/
Deleted [Homepage] : hxxp://search.gboxapp.com/
 
*************************
 
AdwCleaner[R0].txt - [5834 octets] - [30/07/2014 15:07:45]
AdwCleaner[S0].txt - [5968 octets] - [30/07/2014 15:11:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6028 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by JA on Wed 07/30/2014 at 15:35:00.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/30/2014 at 15:37:40.65
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
I did notice before I was getting a notice for excessive pop ups in my chrome browser and that is gone now.  So it seems to be back to normal.  The combo fix that I ran before never completed so there was no log created.
 
 


#9 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 30 July 2014 - 07:18 PM

Hi raymon823,

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:


  • OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#10 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 31 July 2014 - 01:23 PM

OTL logfile created on: 7/31/2014 3:08:02 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JA\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.56% Memory free
6.16 Gb Paging File | 4.78 Gb Available in Paging File | 77.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.83 Gb Total Space | 135.24 Gb Free Space | 75.63% Space Free | Partition Type: NTFS
Drive F: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MALACHI-PC | User Name: JA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe (iolo technologies, LLC)
PRC - C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe (iolo technologies, LLC)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\JA\AppData\Local\Temp\8e6237f22ddf443d870f451b9614e977\filesys.dll ()
MOD - C:\Users\JA\AppData\Local\Temp\8e6237f22ddf443d870f451b9614e977\http.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Commtouch, Inc.)
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_05) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\JA\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (FileDisk) -- C:\Windows\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (PDFsFilter) -- C:\Windows\System32\drivers\PDFsFilter.sys (Raxco Software, Inc.)
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\ElRawDsk.sys (EldoS Corporation)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (AMP) -- C:\Windows\System32\drivers\amp.sys (Commtouch, Inc.)
DRV - (AMPSE) -- C:\Windows\System32\drivers\ampse.sys (Commtouch, Inc.)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NETwLv32) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (RT-USB) -- C:\Windows\System32\drivers\RT-USB.SYS (Ross-Tech LLC)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.adobe.com/offer/94603h [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{3EEB157E-417C-4087-9E33-639B3622F640}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Spotify - Music for every moment = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit! = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: Google Wallet = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: No name found = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkpggjmfgipifpkfffffknfciiihilg\3.9\
CHR - Extension: AddThis - Share & Bookmark (old) = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pannmpobbfegpjngknbghelclaalbfob\2.0_0\
CHR - Extension: Gmail = C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\JA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\JA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A7B858-59F0-4E52-9C89-A89EF59ED55A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{024ec695-0047-11e4-84c2-001a803fae2e}\Shell - "" = AutoRun
O33 - MountPoints2\{024ec695-0047-11e4-84c2-001a803fae2e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\JA\AppData\Roaming\iolo\)
O34 - HKLM BootExecute: (sdnclean.exe)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (Ұ)
O34 - HKLM BootExecute: (K)
O34 - HKLM BootExecute: (<Product GUID="36ED6646-A91F-4078-8781-9F2EB056D706" Name="DriveScrubber">)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/31 03:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/07/30 15:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/30 15:19:33 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\JA\Desktop\JRT.exe
[2014/07/30 15:09:06 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/07/30 15:02:30 | 000,000,000 | ---D | C] -- C:\9975d32029e1b6e1e4ed
[2014/07/30 15:01:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/29 16:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2014/07/29 16:40:39 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Microsoft Help
[2014/07/29 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\WindowsUpdate
[2014/07/29 15:32:18 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/07/29 15:32:18 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/07/29 15:32:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/07/29 15:32:17 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/07/29 15:32:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/07/29 15:32:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/07/29 15:31:24 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/07/29 15:31:24 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/07/29 15:31:23 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/07/29 15:31:23 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/07/29 15:31:23 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/07/29 15:31:23 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/07/29 15:31:23 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/07/29 15:31:23 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/07/29 15:31:23 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/07/29 15:25:57 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2014/07/29 15:24:59 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2014/07/29 15:24:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2014/07/29 15:24:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2014/07/29 15:24:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2014/07/29 15:24:51 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014/07/29 15:24:02 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2014/07/29 15:24:02 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2014/07/29 15:24:00 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2014/07/29 15:23:59 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2014/07/29 15:23:55 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2014/07/29 15:23:54 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2014/07/29 15:23:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2014/07/29 15:23:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2014/07/29 15:23:49 | 000,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2014/07/29 15:23:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2014/07/29 15:23:49 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2014/07/29 15:23:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/07/29 15:23:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2014/07/29 15:23:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2014/07/29 15:23:49 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2014/07/29 15:23:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2014/07/29 15:23:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2014/07/29 15:23:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2014/07/29 15:23:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2014/07/29 15:23:43 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2014/07/29 15:23:37 | 000,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2014/07/29 15:23:36 | 000,028,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2014/07/29 15:23:32 | 000,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2014/07/29 15:23:32 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2014/07/29 15:23:29 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2014/07/29 15:23:26 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2014/07/29 15:23:26 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2014/07/29 15:23:26 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2014/07/29 15:23:24 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/07/29 15:23:24 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/07/29 15:23:08 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2014/07/29 15:23:07 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2014/07/29 15:23:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2014/07/29 06:50:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/28 18:25:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JA\Desktop\OTL.exe
[2014/07/28 18:20:42 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\JA\Desktop\aswMBR.exe
[2014/07/26 21:55:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/26 18:02:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/07/26 18:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/07/26 18:02:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/07/26 18:02:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2014/07/26 18:01:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/07/26 18:01:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/26 18:00:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/07/25 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/07/25 21:58:57 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/07/25 21:55:50 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Roaming\Dropbox
[2014/07/25 19:28:47 | 036,818,984 | ---- | C] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/07/25 19:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/07/23 07:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/07/23 06:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/07/23 06:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/07/23 06:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/07/21 17:30:51 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2014/07/21 17:30:51 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014/07/21 16:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2014/07/21 16:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/07/21 16:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC_Booster
[2014/07/21 16:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\2041ed45e14bc565
[2014/07/21 16:10:50 | 000,000,000 | ---D | C] -- C:\Users\JA\AppData\Local\Comodo
[2014/07/21 15:55:08 | 000,426,496 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Users\JA\Desktop\odin3 v1.85.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/31 14:43:59 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\SaveSense.job
[2014/07/31 14:33:47 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/31 14:33:47 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/31 14:31:59 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/31 14:19:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/31 09:32:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/30 17:42:58 | 002,492,260 | ---- | M] () -- C:\Users\JA\Desktop\CBS.zip
[2014/07/30 15:40:26 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/30 15:40:26 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/30 15:34:17 | 000,000,408 | ---- | M] () -- C:\Windows\System32\iolo.ini
[2014/07/30 15:34:16 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/30 15:33:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/30 15:33:38 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/30 15:19:42 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\JA\Desktop\JRT.exe
[2014/07/30 14:59:51 | 231,030,439 | ---- | M] () -- C:\Users\JA\Desktop\Windows6.1-KB947821-v33-x86.msu
[2014/07/30 06:37:51 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/29 17:35:47 | 000,000,876 | ---- | M] () -- C:\Users\JA\Desktop\Norton Installation Files.lnk
[2014/07/29 16:57:35 | 000,333,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/07/28 19:41:41 | 000,000,558 | ---- | M] () -- C:\Users\JA\Desktop\MBR.zip
[2014/07/28 19:25:20 | 000,000,512 | ---- | M] () -- C:\Users\JA\Desktop\MBR.dat
[2014/07/28 18:25:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JA\Desktop\OTL.exe
[2014/07/28 18:21:00 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\JA\Desktop\aswMBR.exe
[2014/07/28 18:17:17 | 000,854,390 | ---- | M] () -- C:\Users\JA\Desktop\SecurityCheck.exe
[2014/07/26 17:34:31 | 000,001,356 | ---- | M] () -- C:\Users\JA\AppData\Local\d3d9caps.dat
[2014/07/25 21:58:13 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/25 19:29:12 | 036,818,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/07/23 07:00:02 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/21 16:17:55 | 000,000,196 | ---- | M] () -- C:\Users\JA\Desktop\USB_Drivers_1.5.27.0.exe
[2014/07/21 16:12:30 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/07/21 15:53:24 | 010,700,862 | ---- | M] () -- C:\Users\JA\Desktop\philz_touch_6.26.2-klte.tar.md5
[2014/07/21 15:53:20 | 001,206,230 | ---- | M] () -- C:\Users\JA\Desktop\UPDATE-SuperSU-v1.94.zip
[2014/07/21 15:50:34 | 000,203,289 | ---- | M] () -- C:\Users\JA\Desktop\Odin3v185.zip
[2014/07/17 20:57:22 | 016,302,088 | ---- | M] () -- C:\Users\JA\Desktop\show_6550689.mp3
[2014/07/17 20:33:52 | 000,000,000 | ---- | M] () -- C:\Users\JA\Desktop\grudge-incorporated-talk-radio-6578525.mp3
[2014/07/11 15:58:56 | 000,001,614 | ---- | M] () -- C:\Users\JA\Desktop\Calculator.lnk
[2014/07/08 14:48:22 | 000,000,734 | ---- | M] () -- C:\Users\JA\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/08 14:19:34 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/07/08 14:19:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/07/01 17:23:51 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
 
========== Files Created - No Company Name ==========
 
[2014/07/30 17:42:58 | 002,492,260 | ---- | C] () -- C:\Users\JA\Desktop\CBS.zip
[2014/07/30 15:49:29 | 231,030,439 | ---- | C] () -- C:\Users\JA\Desktop\Windows6.1-KB947821-v33-x86.msu
[2014/07/29 15:23:48 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2014/07/28 19:41:41 | 000,000,558 | ---- | C] () -- C:\Users\JA\Desktop\MBR.zip
[2014/07/28 19:25:20 | 000,000,512 | ---- | C] () -- C:\Users\JA\Desktop\MBR.dat
[2014/07/28 18:17:14 | 000,854,390 | ---- | C] () -- C:\Users\JA\Desktop\SecurityCheck.exe
[2014/07/27 12:48:51 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2014/07/26 18:02:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/07/26 18:02:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/07/26 18:02:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/07/26 18:02:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/26 18:02:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/23 07:00:02 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/21 16:16:40 | 000,000,196 | ---- | C] () -- C:\Users\JA\Desktop\USB_Drivers_1.5.27.0.exe
[2014/07/21 15:55:08 | 000,000,182 | ---- | C] () -- C:\Users\JA\Desktop\Odin3.ini
[2014/07/21 15:53:31 | 010,700,862 | ---- | C] () -- C:\Users\JA\Desktop\philz_touch_6.26.2-klte.tar.md5
[2014/07/21 15:53:27 | 001,206,230 | ---- | C] () -- C:\Users\JA\Desktop\UPDATE-SuperSU-v1.94.zip
[2014/07/21 15:53:23 | 000,203,289 | ---- | C] () -- C:\Users\JA\Desktop\Odin3v185.zip
[2014/07/17 21:16:30 | 016,302,088 | ---- | C] () -- C:\Users\JA\Desktop\show_6550689.mp3
[2014/07/17 20:33:48 | 000,000,000 | ---- | C] () -- C:\Users\JA\Desktop\grudge-incorporated-talk-radio-6578525.mp3
[2014/07/11 15:58:56 | 000,001,614 | ---- | C] () -- C:\Users\JA\Desktop\Calculator.lnk
[2014/06/26 12:19:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/06/16 21:04:10 | 001,030,676 | ---- | C] () -- C:\Program Files\Navi-X-v37_8.zip
[2014/04/26 16:47:05 | 000,001,356 | ---- | C] () -- C:\Users\JA\AppData\Local\d3d9caps.dat
[2014/04/26 09:43:42 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini
[2014/04/25 21:28:28 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2013/12/13 16:11:23 | 000,000,079 | ---- | C] () -- C:\Windows\EWF545.ini
[2013/11/23 21:27:47 | 000,000,292 | ---- | C] () -- C:\Windows\EReg077.dat
[2013/11/23 21:26:02 | 000,000,058 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2013/11/23 12:37:45 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2013/11/23 12:33:27 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2013/11/23 12:22:08 | 001,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 23:50:29 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/11/23 23:36:47 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >

    Advertisements

Register to Remove


#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 July 2014 - 04:29 PM

Hi raymon823,

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
    MBAMDashboard_zpsddef9b5f.gif
  • Select type of scan to perform:
    MBAMScanTab_zps2c5e74bd.gif
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

bullseye_zpse9eaf36e.gif ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:


  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#12 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 02 August 2014 - 01:54 PM

Well I was able to run the malwarebyte scan but im infected with something that is preventing me from getting on the eset website. A window opens saying the site id forbidden. In posting from my phone at the moment since im getting shopping banners all over the browser now

#13 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 02 August 2014 - 01:55 PM

I will post mbab log later this evening

#14 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 02 August 2014 - 02:05 PM

just noticed I am unable to navigate this site with ie also but Im able to do so using chrome.  I will see if I can get eset to work from chrome



#15 raymon823

raymon823

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 02 August 2014 - 02:06 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/31/2014
Scan Time: 6:59:41 PM
Logfile: malwareb.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.31.09
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista
CPU: x86
File System: NTFS
User: JA
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335175
Time Elapsed: 17 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.GreatArcadeHits.A, HKU\S-1-5-21-49783046-2574656137-3851344046-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [2aeb693de09b73c3a5194a1b20e2837d], 
PUP.Optional.GreatArcadeHits.A, HKU\S-1-5-21-49783046-2574656137-3851344046-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [2aeb693de09b73c3a5194a1b20e2837d], 
PUP.Optional.Adpeak, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Scorpion Saver, Quarantined, [80956c3a6318b383197a1cdda95927d9], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 6
PUP.Optional.InstallBrain.A, C:\Users\JA\Downloads\VideoPerformerSetup.exe, Quarantined, [31e4dacc3f3cec4aea5d1c526c95d12f], 
PUP.Optional.iBryte, C:\Users\JA\Downloads\Player-Chrome.exe, Quarantined, [f0253d690774280e300da002669b37c9], 
PUP.Optional.ContinueToSave.A, C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage, Delete-on-Reboot, [799ca7ffe19ac76ff33b448af70b7e82], 
PUP.Optional.ContinueToSave.A, C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal, Delete-on-Reboot, [4cc9f3b3f388af876cc2efdf778b7a86], 
PUP.Optional.Superfish.A, C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [62b32581d5a6c76f618d31afe71b22de], 
PUP.Optional.Superfish.A, C:\Users\JA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [bd5884225625e94dc22c914f0cf6a858], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users