Win32/Adload/DA
jasonburnaby
2012-09-13, 19:15
Hello,
I have a message from Windows that my computer has a virus: Win32/Adload/DA.
So far I haven't noticed anything unusual, but according to Windows it stopped my computer from running 1 time (two days ago).
Before seeking help from you I ran HitMan, OTL, TDSSkiller, aswMBR and the Avast boot-up scan. None of them found any infections.
I've followed your prepost instructions - did the registry and ran DDS and aswMBR (again). I've attached the DDS file and below I'm pasting the DDS and aswMBR logs.
I'd greatly appreciate any help you can give me! :)
Here's the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Jason at 11:03:31 on 2012-09-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.721 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\AsusService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\windows\system32\EscSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\ASUS\LivCam\LivCam.exe
C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIBA.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225826
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - c:\program files\bittorrentcontrol_v12\prxtbBitT.dll
mURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - c:\program files\bittorrentcontrol_v12\prxtbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - c:\program files\bittorrentcontrol_v12\prxtbBitT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - c:\program files\bittorrentcontrol_v12\prxtbBitT.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\jason\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_fatiiba.exe /ept "epltarget\P0000000000000000" /M "XP-400 Series"
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [EeeStorageBackup] c:\program files\asus\asus webstorage\service\AsusWSService.exe MySyncFolder
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxExt] c:\windows\system32\IgfxExt.exe /RegServer
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [LivCam] "c:\program files\asus\livcam\LivCam.exe"
mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BCB96184-E700-4D7A-A71C-E0FC5352A65B} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\14D6472716B634F6E6E65636473547164796F6E6 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\3416275737F68323 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\34369616076693 : DhcpNameServer = 192.168.27.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\45865602245616E6 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\54C625F626C6566556274656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\861607079786F6D656D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\A5978554C40274D253730335 : DhcpNameServer = 212.142.144.66 212.142.144.98
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-12-21 11832]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-29 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-29 355632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2009-12-21 219136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-29 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-29 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-5 44808]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-8-27 167520]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-8-27 142432]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2012-8-27 122000]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-16 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-21 29472]
R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2009-11-16 635168]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-11-16 51712]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-29 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-8 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-29 136176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-30 1343400]
.
=============== Created Last 30 ================
.
2012-09-13 13:57:47 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7f8b6eca-3b33-41f3-97ab-b5de15393c45}\offreg.dll
2012-09-13 05:25:10 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 05:25:09 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 05:24:47 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-13 05:24:47 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-13 05:24:46 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 05:20:23 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 01:12:21 -------- d-----w- c:\programdata\HitmanPro
2012-09-13 00:38:17 -------- d-----w- c:\users\jason\appdata\roaming\Malwarebytes
2012-09-13 00:37:55 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 00:37:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 00:37:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-12 01:57:05 -------- d-----w- c:\windows\system32\SPReview
2012-09-12 01:54:57 -------- d-----w- c:\windows\system32\EventProviders
2012-09-11 12:33:35 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7f8b6eca-3b33-41f3-97ab-b5de15393c45}\mpengine.dll
2012-09-09 03:05:41 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-06 03:50:10 -------- d-----w- c:\users\jason\Tambien la Lluvia [dvdrip][spanish][AC3 5.1][www.lokotorrents.com]
2012-09-06 03:49:51 -------- d-----w- c:\users\jason\Azul.Oscuro.Casi.Negro.[Dvdrip][Spanish][www.FanCluBT.com]
2012-09-06 03:35:03 -------- d-----w- c:\users\jason\{www.scenetime.com}Princesas (2005) Fernando Leon de Aranoa
2012-09-06 02:51:31 -------- d-----w- c:\users\jason\Cell.211.2009.BDRip.XviD-NODLABS
2012-09-06 02:43:30 -------- d-----w- c:\users\jason\Pa.Negre.(Pan.Negro).2010.ORIGINAL.DVDRip.AC3.HORiZON-ArtSubs
2012-09-06 02:40:58 -------- d-----w- c:\users\jason\No Habra Paz Para Los Malvados [dvdrip][spanish][AC3-5.1][www.lokotorrents.com]
2012-09-06 02:37:58 -------- d-----w- c:\users\jason\La Voz Dormida [dvdrip][sapnish][AC3-5.1][www.lokotorrents.com]
2012-09-05 12:04:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 11:59:32 -------- d-----w- c:\program files\eMule
2012-09-05 11:27:00 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-04 15:25:52 -------- d-----w- c:\users\jason\appdata\roaming\EndNote
2012-09-04 15:25:00 -------- d-----w- c:\program files\common files\Risxtd
2012-09-04 15:24:49 -------- d-----w- c:\program files\common files\ResearchSoft
2012-09-04 15:22:23 -------- d-----w- c:\program files\EndNote X6
2012-09-04 15:21:02 -------- d-----w- c:\programdata\Thomson.ResearchSoft.Installers
2012-09-04 15:13:11 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-09-04 02:54:41 -------- d-----w- c:\users\jason\Rebirth
2012-09-04 02:53:58 -------- d-----w- c:\users\jason\In Rainbows
2012-09-04 02:52:04 -------- d-----w- c:\users\jason\Radiohead OK Computer
2012-09-04 02:40:05 -------- d-----w- c:\program files\BitTorrentControl_v12
2012-08-28 12:50:47 -------- d-----w- c:\users\jason\appdata\roaming\Leader Technologies
2012-08-27 22:50:11 -------- d-----w- c:\program files\common files\EPSON
2012-08-27 22:41:13 -------- d-----w- c:\program files\LTCM Client
2012-08-27 22:31:11 -------- d-----w- c:\program files\Epson Software
2012-08-27 22:26:25 95232 ----a-w- c:\windows\system32\E_FLBIBA.DLL
2012-08-27 22:26:16 81408 ----a-w- c:\windows\system32\E_FD4BIBA.DLL
2012-08-27 22:25:33 -------- d-----w- c:\programdata\EPSON
2012-08-27 22:24:35 342016 ----a-w- c:\windows\system32\esw2ud.dll
2012-08-27 22:24:35 122000 ----a-w- c:\windows\system32\escsvc.exe
2012-08-27 22:23:53 -------- d-----w- c:\program files\epson
2012-08-22 16:59:08 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-16 12:26:13 262656 ----a-w- c:\windows\system32\rstrui.exe
2012-08-16 12:26:12 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-16 12:25:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 12:25:48 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 12:25:46 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 12:25:23 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 12:25:21 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-16 12:25:12 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-16 12:25:09 30208 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\winprint.dll
.
==================== Find3M ====================
.
2012-09-12 02:18:45 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-09-09 03:05:41 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 12:03:58 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 12:03:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 14:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
============= FINISH: 11:07:15,48 ===============
And the aswMBR log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-13 11:16:25
-----------------------------
11:16:25.722 OS Version: Windows 6.1.7601 Service Pack 1
11:16:25.723 Number of processors: 2 586 0x1C02
11:16:25.732 ComputerName: JASON-PC UserName: Jason
11:16:29.396 Initialize success
11:16:31.143 AVAST engine defs: 12091300
11:16:35.823 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:16:35.839 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC60N Size: 238475MB BusType: 3
11:16:35.901 Disk 0 MBR read successfully
11:16:35.917 Disk 0 MBR scan
11:16:35.932 Disk 0 Windows 7 default MBR code
11:16:35.963 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
11:16:36.026 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 125815 MB offset 209717248
11:16:36.057 Disk 0 Partition 3 00 1B Hidd FAT32 MSDOS5.0 10240 MB offset 467386368
11:16:36.104 Disk 0 Partition 4 00 EF EFI FAT A1451 16 MB offset 488357888
11:16:36.166 Disk 0 scanning sectors +488392065
11:16:36.307 Disk 0 scanning C:\windows\system32\drivers
11:17:02.727 Service scanning
11:17:48.791 Modules scanning
11:18:17.881 Disk 0 trace - called modules:
11:18:17.951 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:18:17.976 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a31648]
11:18:18.004 3 CLASSPNP.SYS[88db259e] -> nt!IofCallDriver -> [0x84c9a640]
11:18:18.029 5 ACPI.sys[888af3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8594c030]
11:18:19.038 AVAST engine scan C:\windows
11:18:22.661 AVAST engine scan C:\windows\system32
11:24:14.745 AVAST engine scan C:\windows\system32\drivers
11:24:39.476 AVAST engine scan C:\Users\Jason
11:40:44.589 AVAST engine scan C:\ProgramData
11:41:31.446 Scan finished successfully
12:14:00.433 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Desktop\MBR.dat"
12:14:00.501 The log file has been saved successfully to "C:\Users\Jason\Desktop\aswMBR.txt"
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR.
Sorry for the delay. I see you're using the torrents to download whatever; let me tell you this is a bad practice because not all but a greater percentage of files downloaded via the torrents are infected.
If you still require help, uninstall BitTorrentControl_v12 Toolbar and anything else related to the torrents and rerun DDS and post a new log please.
jasonburnaby
2012-09-18, 18:01
Okay, I've uninstalled the Torrent program and toolbar and ran a new DDS. The logs are pasted below and attached.
Thanks!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Jason at 10:42:58 on 2012-09-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.753 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\AsusService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\windows\system32\EscSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\LivCam\LivCam.exe
C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIBA.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225826
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\jason\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_fatiiba.exe /ept "epltarget\P0000000000000000" /M "XP-400 Series"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [EeeStorageBackup] c:\program files\asus\asus webstorage\service\AsusWSService.exe MySyncFolder
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxExt] c:\windows\system32\IgfxExt.exe /RegServer
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [LivCam] "c:\program files\asus\livcam\LivCam.exe"
mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BCB96184-E700-4D7A-A71C-E0FC5352A65B} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\14D6472716B634F6E6E65636473547164796F6E6 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\3416275737F68323 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\34369616076693 : DhcpNameServer = 192.168.27.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\45865602245616E6 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\54C625F626C6566556274656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\861607079786F6D656D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}\A5978554C40274D253730335 : DhcpNameServer = 212.142.144.66 212.142.144.98
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-12-21 11832]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-29 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-29 355632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2009-12-21 219136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-29 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-29 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-5 44808]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-8-27 167520]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-8-27 142432]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2012-8-27 122000]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-9-15 1153368]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-16 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-21 29472]
R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2009-11-16 635168]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-11-16 51712]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-29 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-8 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-29 136176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-30 1343400]
.
=============== Created Last 30 ================
.
2012-09-18 13:34:31 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a6764c21-c126-461f-b085-8b7c56ce6767}\mpengine.dll
2012-09-15 19:19:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-15 19:19:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-13 05:25:10 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 05:25:09 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 05:24:47 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-13 05:24:47 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-13 05:24:46 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 05:20:23 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 01:12:21 -------- d-----w- c:\programdata\HitmanPro
2012-09-13 00:38:17 -------- d-----w- c:\users\jason\appdata\roaming\Malwarebytes
2012-09-13 00:37:55 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 00:37:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 00:37:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-12 01:57:05 -------- d-----w- c:\windows\system32\SPReview
2012-09-12 01:54:57 -------- d-----w- c:\windows\system32\EventProviders
2012-09-09 03:05:41 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 12:04:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 11:27:00 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-04 15:25:52 -------- d-----w- c:\users\jason\appdata\roaming\EndNote
2012-09-04 15:25:00 -------- d-----w- c:\program files\common files\Risxtd
2012-09-04 15:24:49 -------- d-----w- c:\program files\common files\ResearchSoft
2012-09-04 15:22:23 -------- d-----w- c:\program files\EndNote X6
2012-09-04 15:21:02 -------- d-----w- c:\programdata\Thomson.ResearchSoft.Installers
2012-09-04 15:13:11 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-09-04 02:54:41 -------- d-----w- c:\users\jason\Rebirth
2012-09-04 02:53:58 -------- d-----w- c:\users\jason\In Rainbows
2012-09-04 02:52:04 -------- d-----w- c:\users\jason\Radiohead OK Computer
2012-08-28 12:50:47 -------- d-----w- c:\users\jason\appdata\roaming\Leader Technologies
2012-08-27 22:50:11 -------- d-----w- c:\program files\common files\EPSON
2012-08-27 22:41:13 -------- d-----w- c:\program files\LTCM Client
2012-08-27 22:31:11 -------- d-----w- c:\program files\Epson Software
2012-08-27 22:26:25 95232 ----a-w- c:\windows\system32\E_FLBIBA.DLL
2012-08-27 22:26:16 81408 ----a-w- c:\windows\system32\E_FD4BIBA.DLL
2012-08-27 22:25:33 -------- d-----w- c:\programdata\EPSON
2012-08-27 22:24:35 342016 ----a-w- c:\windows\system32\esw2ud.dll
2012-08-27 22:24:35 122000 ----a-w- c:\windows\system32\escsvc.exe
2012-08-27 22:23:53 -------- d-----w- c:\program files\epson
2012-08-22 16:59:08 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
.
==================== Find3M ====================
.
2012-09-12 02:18:45 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-09-09 03:05:41 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 12:03:58 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 12:03:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 14:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
============= FINISH: 10:49:01,74 ===============
Hi,
Let me ask you, is this a company computer?
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
jasonburnaby
2012-09-18, 19:48
Okay, here are the Malwarebytes and OTL.Txt logs. I'll paste the other OTL log in another post.
Should I run the OTL clean up?
MALWAREBYTES LOG:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.12.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jason :: JASON-PC [administrator]
9/18/2012 11:42:47 AM
mbam-log-2012-09-18 (11-42-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195071
Time elapsed: 12 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OTL.TXT:
OTL logfile created on: 9/18/2012 12:01:32 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Jason\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,40% Memory free
3,98 Gb Paging File | 2,78 Gb Available in Paging File | 69,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 36,42 Gb Free Space | 36,42% Space Free | Partition Type: NTFS
Drive D: | 122,87 Gb Total Space | 53,07 Gb Free Space | 43,20% Space Free | Partition Type: NTFS
Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Jason\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIBA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
PRC - C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AxInterop.ShockwaveFlashObjects.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\Program Files\ASUS\LivCam\SMIUtility.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
========== Driver Services (SafeList) ==========
DRV - (mbr) -- C:\Users\Jason\AppData\Local\Temp\mbr.sys File not found
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3225826
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{2812B9D7-44F1-496F-B504-4AC54C66F43B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{D5610E61-A61F-4151-B939-B20E5744547A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2011/12/01 09:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2012/09/03 22:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/31 09:02:25 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/09/03 22:41:22 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
========== Chrome ==========
CHR - homepage: http://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Zotero Connector = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciblakmllnhbhjjgkbkeihelcndmgnh\3.0.8.1_0\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIIBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCB96184-E700-4D7A-A71C-E0FC5352A65B}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f1f5d3d-e9da-11e0-a5e8-1c4bd60749e6}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1f5d3d-e9da-11e0-a5e8-1c4bd60749e6}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/15 15:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/15 15:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/15 15:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/13 10:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/13 10:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/13 01:25:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys
[2012/09/13 01:24:47 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/09/13 01:24:46 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/09/13 01:20:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2012/09/12 21:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/12 20:38:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2012/09/12 20:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/12 20:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/12 20:37:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/12 20:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/11 21:57:05 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/09/11 21:54:57 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/09/08 23:05:41 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/09/05 19:21:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\BestBuy.com - Thank You_files
[2012/09/05 08:04:56 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/09/05 08:04:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/05 08:04:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/05 08:04:28 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/09/05 07:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/05 07:27:00 | 000,044,784 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/09/04 11:30:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My EndNote Library.Data
[2012/09/04 11:25:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\EndNote
[2012/09/04 11:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2012/09/04 11:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2012/09/04 11:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2012/09/04 11:24:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2012/09/04 11:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote X6
[2012/09/04 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2012/09/04 11:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/09/03 22:54:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\Rebirth
[2012/09/03 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\In Rainbows
[2012/09/03 22:52:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Radiohead OK Computer
[2012/08/28 08:50:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Leader Technologies
[2012/08/27 19:07:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Epson
[2012/08/27 18:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/08/27 18:45:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2012/08/27 18:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\LTCM Client
[2012/08/27 18:34:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2012/08/27 18:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/08/27 18:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012/08/27 18:26:25 | 000,095,232 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FLBIBA.DLL
[2012/08/27 18:26:16 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FD4BIBA.DLL
[2012/08/27 18:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/08/27 18:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/08/27 18:24:35 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\windows\System32\esw2ud.dll
[2012/08/27 18:24:35 | 000,122,000 | ---- | C] (Seiko Epson Corporation) -- C:\windows\System32\escsvc.exe
[2012/08/27 18:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/08/22 12:56:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/22 12:56:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/22 12:56:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/08/22 12:56:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/22 12:56:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/08/22 12:56:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/22 12:56:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
========== Files - Modified Within 30 Days ==========
[2012/09/18 12:14:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/18 11:48:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-614520664-3713187643-2091120717-1001UA.job
[2012/09/18 11:37:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/18 11:28:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/18 11:05:01 | 000,002,693 | ---- | M] () -- C:\Users\Jason\Desktop\Microsoft Office Word 2007.lnk
[2012/09/18 10:58:21 | 000,003,972 | ---- | M] () -- C:\Users\Jason\Desktop\Attach.zip
[2012/09/18 10:57:01 | 000,003,913 | ---- | M] () -- C:\Users\Jason\Desktop\Attach.rar
[2012/09/18 09:35:41 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 09:35:41 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 09:28:24 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/18 09:27:28 | 1602,691,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/17 23:48:02 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-614520664-3713187643-2091120717-1001Core.job
[2012/09/17 12:25:19 | 028,434,335 | ---- | M] () -- C:\Users\Jason\Desktop\dn2012-0917-1.mp3
[2012/09/15 15:20:04 | 000,001,240 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/14 22:09:47 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/14 22:09:47 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/13 12:14:00 | 000,000,512 | ---- | M] () -- C:\Users\Jason\Desktop\MBR.dat
[2012/09/13 01:07:16 | 000,375,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/11 22:18:45 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
[2012/09/08 23:05:41 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/09/08 23:05:41 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/06 11:10:46 | 000,523,467 | ---- | M] () -- C:\Users\Jason\Desktop\contract Aberdeen.pdf
[2012/09/05 19:21:47 | 000,115,652 | ---- | M] () -- C:\Users\Jason\Desktop\BestBuy.com - Thank You.htm
[2012/09/05 08:04:07 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/09/05 08:04:00 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/09/05 08:04:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/05 08:03:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/05 08:03:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/09/05 08:03:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2012/09/05 07:26:59 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/09/04 19:57:46 | 000,014,022 | ---- | M] () -- C:\Users\Jason\Documents\My EndNote Library.enl
[2012/09/03 22:40:23 | 000,000,258 | RHS- | M] () -- C:\Users\Jason\ntuser.pol
[2012/08/30 21:53:28 | 001,326,656 | ---- | M] () -- C:\Users\Jason\Desktop\PreSchoolbooklet201213corrected16.01.12.pdf
[2012/08/27 18:45:44 | 000,000,079 | ---- | M] () -- C:\windows\XP400.ini
[2012/08/27 18:41:08 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\EPSON XP-400 User's Guide.lnk
[2012/08/27 18:24:37 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/08/26 00:16:57 | 000,003,142 | ---- | M] () -- C:\Users\Jason\Desktop\linear-dbgs.gif
[2012/08/24 04:17:07 | 000,411,781 | ---- | M] () -- C:\Users\Jason\Desktop\academic_calendar.pdf
[2012/08/22 13:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/08/22 13:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/08/21 05:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/08/20 12:59:41 | 000,107,433 | ---- | M] () -- C:\Users\Jason\Desktop\Payment Receipt - PayPal.pdf
========== Files Created - No Company Name ==========
[2012/09/18 11:05:01 | 000,002,693 | ---- | C] () -- C:\Users\Jason\Desktop\Microsoft Office Word 2007.lnk
[2012/09/18 10:58:21 | 000,003,972 | ---- | C] () -- C:\Users\Jason\Desktop\Attach.zip
[2012/09/18 10:57:01 | 000,003,913 | ---- | C] () -- C:\Users\Jason\Desktop\Attach.rar
[2012/09/17 12:25:20 | 028,434,335 | ---- | C] () -- C:\Users\Jason\Desktop\dn2012-0917-1.mp3
[2012/09/15 15:20:04 | 000,001,240 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/12 21:46:51 | 000,000,512 | ---- | C] () -- C:\Users\Jason\Desktop\MBR.dat
[2012/09/08 23:05:46 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 11:10:46 | 000,523,467 | ---- | C] () -- C:\Users\Jason\Desktop\contract Aberdeen.pdf
[2012/09/05 19:21:47 | 000,115,652 | ---- | C] () -- C:\Users\Jason\Desktop\BestBuy.com - Thank You.htm
[2012/09/04 11:30:39 | 000,014,022 | ---- | C] () -- C:\Users\Jason\Documents\My EndNote Library.enl
[2012/09/03 22:40:23 | 000,000,258 | RHS- | C] () -- C:\Users\Jason\ntuser.pol
[2012/08/30 21:53:42 | 001,326,656 | ---- | C] () -- C:\Users\Jason\Desktop\PreSchoolbooklet201213corrected16.01.12.pdf
[2012/08/27 18:41:15 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2012/08/27 18:41:08 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\EPSON XP-400 User's Guide.lnk
[2012/08/27 18:24:37 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/08/26 17:53:33 | 000,000,079 | ---- | C] () -- C:\windows\XP400.ini
[2012/08/26 00:17:12 | 000,003,142 | ---- | C] () -- C:\Users\Jason\Desktop\linear-dbgs.gif
[2012/08/24 04:17:26 | 000,411,781 | ---- | C] () -- C:\Users\Jason\Desktop\academic_calendar.pdf
[2012/08/20 12:59:40 | 000,107,433 | ---- | C] () -- C:\Users\Jason\Desktop\Payment Receipt - PayPal.pdf
[2012/05/11 23:05:06 | 000,000,532 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
[2012/04/04 07:25:56 | 000,107,008 | ---- | C] () -- C:\windows\System32\PDFENC32.DLL
[2012/01/19 03:22:01 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/09 14:12:28 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2011/11/06 16:53:07 | 000,020,992 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 16:17:38 | 000,000,266 | ---- | C] () -- C:\windows\lgfwup.ini
[2011/09/28 10:28:37 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2009/12/21 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2009/12/21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\E-Cam
[2009/12/21 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2009/12/21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\E-Cam
[2012/08/24 04:13:26 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ASUS WebStorage
[2009/12/21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\E-Cam
[2012/09/04 19:57:47 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\EndNote
[2012/08/27 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Epson
[2011/11/11 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2012/08/28 08:50:47 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leader Technologies
[2012/08/27 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2011/10/12 10:07:07 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Scendix Software
[2012/05/11 23:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Template
[2012/05/08 09:37:17 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Zotero
[2012/07/04 08:16:10 | 000,032,534 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
jasonburnaby
2012-09-18, 19:50
Extras.Txt:
OTL Extras logfile created on: 9/18/2012 12:01:32 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Jason\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,40% Memory free
3,98 Gb Paging File | 2,78 Gb Available in Paging File | 69,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 36,42 Gb Free Space | 36,42% Space Free | Partition Type: NTFS
Drive D: | 122,87 Gb Total Space | 53,07 Gb Free Space | 43,20% Space Free | Partition Type: NTFS
Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004DA929-DDD5-4E57-B04C-5721159D48ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11428D2B-7A85-44DA-A4AA-6A1345775C7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16DA3D40-191C-4C7E-AB42-8964713BE14E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2341A134-5EE1-4CA1-91BD-82D7D564B43F}" = lport=139 | protocol=6 | dir=in | app=system |
"{277DBCA1-D163-435C-854D-3D6FE0FFA12E}" = lport=137 | protocol=17 | dir=in | app=system |
"{29CA5365-8CA0-48AD-BB3C-711CCA8226D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39788E62-51A6-48C4-9E0C-89C9AEBF2AD0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4094DA3B-A080-482B-8B61-D436BD02114D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{566860BB-A0C7-45F0-A268-DD73D8584ABC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{61B5248E-5A03-4AF0-A671-8BCE79B976C3}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B62E963-7557-44EC-9553-4F30A4B7B52E}" = rport=137 | protocol=17 | dir=out | app=system |
"{855F731B-5B6C-4893-8D13-7D0CAD4195F1}" = rport=138 | protocol=17 | dir=out | app=system |
"{98569D7A-0976-4F10-A91B-7B9AA36B78BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9CEDA4C9-CA07-4492-A437-8D93F4222989}" = rport=139 | protocol=6 | dir=out | app=system |
"{9F88A558-E75A-4D6E-A3E1-E1483978F82E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1BF98A9-8454-47DB-85F7-C11B58BF49FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCEBD5CA-9992-40FF-8483-CA8612905E09}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDE98188-583E-44D6-8256-536E818263C1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CB305A5A-D606-4A0B-8308-37534DABC7A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE00111D-5EC6-4CF6-BC0B-E6D53A6C243F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D27A42EE-9C52-4150-973E-308D36643FF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAD7D3D0-AF33-4CFD-B4F5-55DE8FEBEACC}" = lport=138 | protocol=17 | dir=in | app=system |
"{E71124CF-730F-4580-8E6F-4880ECC8A596}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EDB98CA8-A75B-42D2-BD78-BF33D033A54D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC29BAFF-C0FF-4729-AEEB-C1CE3E9EC474}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02658BA2-553F-481E-8924-A38F56BBC718}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12207E98-BEBD-48A5-ADF1-DF654CF4F325}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{140F8372-319F-4D27-BF43-AA7B49BB3CA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18BE331D-0FF1-439D-94F2-C962F46FF38E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{22D9B39C-A986-48AC-A1C2-979B91021D70}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{239118ED-1B3A-47E8-BD2E-631FB5F3B8A9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3079A12D-62F2-4D57-9B35-BDAD80C101E8}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{308C686C-C8D0-4C8E-B90C-5B901B81B445}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{310066CF-C458-468F-BBFC-EB88D2B18DCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{32AB7E41-767C-4CE4-91FC-2E22BB7A9A7A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{398BA869-1A3A-41B3-9DCF-CB1B4087E1DE}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3E167497-09AC-40AF-A203-4FDD7E2E9069}" = protocol=58 | dir=in | app=system |
"{4949AF7B-AEA4-4A8B-8117-313D8711D895}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{518A1DF2-5109-472C-BCD7-513642D9A781}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B10A295-335C-4792-80BC-4B5846B472B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5DE47A9E-DD1D-4EEB-B4DB-AD4634DA8D07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6271BC94-B733-4F50-A6C6-1D04A1301FE6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A367654-0FC4-4A29-BAE9-65AE419AF352}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6FA55D4F-D2BC-4894-9B0F-6BCA7E737AAD}" = protocol=6 | dir=out | app=system |
"{77CDFB9D-4A04-4597-B7E7-0617B6A29FA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7A63958E-F965-4E1D-A6A4-6334C5D7B4E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7B702AEF-8024-4713-A5E6-252F90302FE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1D52F65-A4AB-49BE-9E00-BB1898342790}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B48E7282-0E36-47B4-9807-EA21EBC5DC27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C2B26905-545F-4A56-A6F2-0D58184DB113}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4D9B79D-4B4A-4953-8259-19CF3200FD57}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E4463E54-D392-45FB-9ECF-748AC2D38B6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E49DB730-EEF7-421C-8F83-87EA6D8E320F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{4E38135C-05D3-4FAD-B63F-B3267D3C0D22}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{B91D3359-2816-4D80-BEA5-F824C8AA753B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{C01E38B6-B0E8-4ED2-B49C-FA724E50D541}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{7100CA1B-8B54-4478-9261-007EF23BE5AA}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{925807A5-0F13-4546-A27E-DA51B0B0137C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{D6C64F96-21C4-446D-B0CE-5DDE5DE44BF2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1" = PamFax
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
"{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}" = LivCam
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
"{90120000-0015-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007
"{90120000-0015-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007
"{90120000-0016-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0408-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Greek) 2007
"{90120000-0017-0408-0000-0000000FF1CE}_OMUI.el-gr_{FB030BB2-3A16-44E4-B0C4-407A7D00BF3B}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-040D-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Hebrew) 2007
"{90120000-0017-040D-0000-0000000FF1CE}_OMUI.he-il_{D4FAEEE0-CF87-4820-A306-70B0F7328996}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0816-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Portuguese (Portugal)) 2007
"{90120000-0017-0816-0000-0000000FF1CE}_OMUI.pt-pt_{0DB1D460-C17F-44BD-9339-4144B9AB1065}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0C0A-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Spanish) 2007
"{90120000-0017-0C0A-0000-0000000FF1CE}_OMUI.es-es_{44265B24-25E8-4728-AFCB-8A0DE6B8D3CB}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007
"{90120000-0018-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
"{90120000-0019-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007
"{90120000-0019-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
"{90120000-001A-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007
"{90120000-001A-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007
"{90120000-001B-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.he-il_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_OMUI.es-es_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.el-gr_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_OMUI.el-gr_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.el-gr_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.es-es_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.he-il_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.pt-pt_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.el-gr_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.es-es_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.he-il_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.pt-pt_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-040D-0000-0000000FF1CE}_OMUI.he-il_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_OMUI.es-es_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_OMUI.he-il_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_OMUI.es-es_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_OMUI.es-es_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_OMUI.pt-pt_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.es-es_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.pt-pt_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0044-0408-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Greek) 2007
"{90120000-0044-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2007
"{90120000-0044-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
"{90120000-0044-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_OMUI.el-gr_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_OMUI.he-il_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007
"{90120000-006E-040D-0000-0000000FF1CE}_OMUI.he-il_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_OMUI.pt-pt_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_OMUI.es-es_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0408-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Greek) 2007
"{90120000-00A1-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2007
"{90120000-00A1-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
"{90120000-00A1-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0408-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Greek) 2007
"{90120000-00BA-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_OMUI.he-il_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
"{90120000-00BA-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0408-0000-0000000FF1CE}" = Microsoft Office O MUI (Greek) 2007
"{90120000-0100-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-040D-0000-0000000FF1CE}" = Microsoft Office O MUI (Hebrew) 2007
"{90120000-0100-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0816-0000-0000000FF1CE}" = Microsoft Office O MUI (Portuguese (Portugal)) 2007
"{90120000-0100-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0C0A-0000-0000000FF1CE}" = Microsoft Office O MUI (Spanish) 2007
"{90120000-0100-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0408-0000-0000000FF1CE}" = Microsoft Office X MUI (Greek) 2007
"{90120000-0101-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-040D-0000-0000000FF1CE}" = Microsoft Office X MUI (Hebrew) 2007
"{90120000-0101-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0816-0000-0000000FF1CE}" = Microsoft Office X MUI (Portuguese (Portugal)) 2007
"{90120000-0101-0816-0000-0000000FF1CE}_OMUI.pt-pt_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0C0A-0000-0000000FF1CE}" = Microsoft Office X MUI (Spanish) 2007
"{90120000-0101-0C0A-0000-0000000FF1CE}_OMUI.es-es_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-040D-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007
"{90120000-0114-040D-0000-0000000FF1CE}_OMUI.he-il_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"9329-2753-3156-3513" = Renta 2011 1.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"avast" = avast! Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Eee Docking_is1" = Eee Docking 3.3.0
"EPSON Scanner" = EPSON Scan
"EPSON XP-400 Series" = EPSON XP-400 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"LPCO" = Intel(R) Graphics Media Accelerator 500
"LTCM Client" = LTCM Client
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mendeley Desktop" = Mendeley Desktop 1.5.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OMUI.el-gr" = Microsoft Office Language Pack 2007 - Greek/Ελληνικά
"OMUI.es-es" = Microsoft Office Language Pack 2007 - Spanish/Español
"OMUI.he-il" = Microsoft Office Language Pack 2007 - Hebrew עברית
"OMUI.pt-pt" = Microsoft Office Language Pack 2007 - Portuguese/Português
"Picasa 3" = Picasa 3
"Renta 2011" = Renta 2011
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Zotero Standalone 3.0.7 (x86 en-US)" = Zotero Standalone 3.0.7 (x86 en-US)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/3/2012 8:41:37 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27221 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 968 Start
Time: 01cd8a35eb649b0c Termination Time: 262 Application Path: C:\Program Files\BitTorrent\BitTorrent.exe
Report
Id: 42ab62fe-f629-11e1-a69f-1c4bd60749e6
Error - 9/3/2012 9:10:04 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27221 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 6dc Start
Time: 01cd8a38b82cf8ae Termination Time: 73 Application Path: C:\Program Files\BitTorrent\BitTorrent.exe
Report
Id: 39d81801-f62d-11e1-a69f-1c4bd60749e6
Error - 9/3/2012 9:11:56 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27221 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1188 Start
Time: 01cd8a3a0516a405 Termination Time: 638 Application Path: C:\Program Files\BitTorrent\BitTorrent.exe
Report
Id: 7db07d02-f62d-11e1-a69f-1c4bd60749e6
Error - 9/3/2012 9:16:31 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27221 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 44c Start
Time: 01cd8a3a571f71f6 Termination Time: 94 Application Path: C:\Program Files\BitTorrent\BitTorrent.exe
Report
Id: 2335ab83-f62e-11e1-a69f-1c4bd60749e6
Error - 9/3/2012 9:27:57 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27221 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 14f0 Start
Time: 01cd8a3af5916d25 Termination Time: 205 Application Path: C:\Program Files\BitTorrent\BitTorrent.exe
Report
Id: b99366a9-f62f-11e1-a69f-1c4bd60749e6
Error - 9/3/2012 9:36:16 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27221 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 14d8 Start
Time: 01cd8a3ce0214ef2 Termination Time: 77 Application Path: C:\Program Files\BitTorrent\BitTorrent.exe
Report
Id: e43f2856-f630-11e1-a69f-1c4bd60749e6
Error - 9/3/2012 10:17:46 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Error - 9/3/2012 10:26:30 PM | Computer Name = Jason-PC | Source = Application Hang
| ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27221 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13f4
Start Time: 01cd8a3db234c838
Termination Time: 84
Application Path: C:\Program Files\BitTorrent\BitTorrent.exe
Report Id: eaecd998-f637-11e1-a69f-1c4bd60749e6
Error - 9/3/2012 10:35:33 PM | Computer Name = Jason-PC | Source = Application Hang
| ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27221 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 10d8
Start Time: 01cd8a44b5f7d1bb
Termination Time: 109
Application Path: C:\Program Files\BitTorrent\BitTorrent.exe
Report Id: 2e7cfdbd-f639-11e1-a69f-1c4bd60749e6
Error - 9/4/2012 11:28:53 AM | Computer Name = Jason-PC | Source = Application Error
| ID = 1000
Description = Faulting application name: EndNote.exe, version: 16.0.0.6348, time stamp: 0x4ff7315e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1418
Faulting application start time: 0x01cd8ab1a9e1d20c
Faulting application path: C:\Program Files\EndNote X6\EndNote.exe
Faulting module path: unknown
Report Id: 3b7df329-f6a5-11e1-b7a4-1c4bd60749e6
Error - 9/4/2012 1:20:22 PM | Computer Name = Jason-PC | Source = Application Error
| ID = 1000
Error - 9/4/2012 1:20:32 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
time stamp: 0x4d6878c3 Faulting module name: ntdll.dll, version: 6.1.7600.16915,
time stamp: 0x4ec49caf Exception code: 0xc0000374 Fault offset: 0x000c33bb Faulting
process id: 0xbdc Faulting application start time: 0x01cd8a979c652970 Faulting application
path: C:\windows\Explorer.EXE Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: d4667a60-f6b4-11e1-b7a4-1c4bd60749e6
Error - 9/4/2012 7:56:17 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7600.16768 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a80 Start
Time: 01cd8ac1b2a5a710 Termination Time: 0 Application Path: C:\Windows\explorer.exe
Report
Id:
[ OSession Events ]
Error - 8/20/2012 12:30:41 PM | Computer Name = Jason-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 320
seconds with 240 seconds of active time. This session ended with a crash.
Error - 9/8/2012 12:20:06 PM | Computer Name = Jason-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6226
seconds with 4380 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 9/14/2012 9:03:02 PM | Computer Name = Jason-PC | Source = DCOM | ID = 10010
Description =
Error - 9/15/2012 9:06:36 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.
Error - 9/15/2012 6:57:22 PM | Computer Name = Jason-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 9/16/2012 7:53:36 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 9/17/2012 8:16:38 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 9/17/2012 10:20:11 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinDefend service.
Error - 9/17/2012 3:09:52 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.
Error - 9/17/2012 11:23:23 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 9/18/2012 9:28:02 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 9/18/2012 11:28:40 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.
< End of report >
jasonburnaby
2012-09-18, 20:05
Sorry, I forgot to answer your question. No, it's not a company computer, it's my private computer. I work at a university and use it to log on to the university system sometimes but other than that it's for personal use.
No, don't run the clean up yet. You never answered my question as to whether this is a company computer or not.
Ok,
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT3225826
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{2812B9D7-44F1-496F-B504-4AC54C66F43B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
[2012/05/31 09:02:25 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/09/03 22:41:22 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
CHR - homepage: http://search.conduit.com/?ctid=CT32...earchSource=48
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then rescan and post a new log please
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
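The entries listed in the fix script above can be derived from the OTL log by correlation. This is an added example, not part of the original thread and not OTL's own logic: it seeds on a watched search domain and on extension folder names, then pivots on the GUIDs those lines carry (case-insensitively) to find the matching registry entries. The function names, the watched domain and the seed names are assumptions supplied by the analyst, taken here from the entries the fix lists. Orphaned "No CLSID value found" entries that share no GUID with a seed are reported separately for manual review.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the OTL log on this page (a subset, kept in log order).
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{2812B9D7-44F1-496F-B504-4AC54C66F43B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
[2012/05/31 09:02:25 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/09/03 22:41:22 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
CHR - homepage: http://search.conduit.com/?ctid=CT3225826&SearchSource=48
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3225826
""".strip().splitlines()

GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
URL_RE = re.compile(r"https?://[^\s\"]+")
TAG_RE = re.compile(r"^(IE|FF|CHR|O\d+|PRC|MOD|SRV|DRV)\b")
FILE_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} ")


def parse_line(line):
    """Extract the fields used for correlation from one OTL log line."""
    tag = TAG_RE.match(line)
    hosts = set()
    for url in URL_RE.findall(line):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL in the log: ignore it
            host = None
        if host:
            hosts.add(host.lower())
    return {
        "tag": tag.group(1) if tag else ("FILE" if FILE_RE.match(line) else "OTHER"),
        # The log mixes upper- and lower-case GUIDs, so normalise them.
        "guids": {g.lower() for g in GUID_RE.findall(line)},
        "hosts": hosts,
        "orphaned": "No CLSID value found" in line,
    }


def host_matches(host, domain):
    """True for the domain itself or any subdomain, not for look-alikes."""
    return host == domain or host.endswith("." + domain)


def triage(lines, watch_domains, seed_names):
    """Return ({line_no: (tag, reason)}, [unflagged orphaned-CLSID line_nos])."""
    entries = [parse_line(line) for line in lines]
    flagged = {}
    # Pass 1: seed on the watched domain or an analyst-supplied name.
    for no, (line, e) in enumerate(zip(lines, entries), 1):
        if any(host_matches(h, d) for h in e["hosts"] for d in watch_domains):
            flagged[no] = (e["tag"], "domain")
        elif any(name.lower() in line.lower() for name in seed_names):
            flagged[no] = (e["tag"], "name")
    # Pass 2: pivot on every GUID that a seeded line carries.
    seed_guids = set().union(*(entries[no - 1]["guids"] for no in flagged))
    for no, e in enumerate(entries, 1):
        if no not in flagged and e["guids"] & seed_guids:
            flagged[no] = (e["tag"], "guid")
    # Orphaned CLSIDs with no link to a seed need a human decision.
    orphans = [no for no, e in enumerate(entries, 1)
               if e["orphaned"] and no not in flagged]
    return flagged, orphans


if __name__ == "__main__":
    hits, review = triage(SAMPLE_LOG, ["conduit.com"],
                          ["BitTorrentBar", "BitTorrentControl"])
    for no in sorted(hits):
        print(no, hits[no], SAMPLE_LOG[no - 1][:70])
    print("manual review:", review)
```

On these lines the flagged set is the same eight entries that appear in the fix, while the two other orphaned CLSIDs stay out of it.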
jasonburnaby
2012-09-19, 03:26
I've had some trouble running these programs.
I've tried three times to run fix with that code pasted in OTL. It runs through the first commands but gets stuck each time on the one that begins "2012/09/03....". The program stops responding and eventually I have to log off Windows. The one time I let it go for a long time Windows logged off by itself and restarted.
I ran the ESET scan and that worked fine. It said no threats were found. But it didn't give me the options "List of Found Threats" or "Export to text file". I did find a text file in the program folder which seems to be a log of the scan, though it's very short. I'll paste it below.
I also ran another scan with OTL and I'll paste the OTL.Txt log below. But the other one didn't open up and I can't find it. There's an OTL folder in the C drive, but all it has is a folder called Moved Files with three empty folders.
I hope the information I can send you helps.
ESET log
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b8bd2325ae6bb340bb12c32d5e0462ab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-18 10:58:02
# local_time=2012-09-18 06:58:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 99538162 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=163026
# found=0
# cleaned=0
# scan_time=15711
OTL.Txt
OTL logfile created on: 9/18/2012 7:43:53 PM - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Jason\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,99 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,60% Memory free
3,98 Gb Paging File | 2,71 Gb Available in Paging File | 68,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 36,00 Gb Free Space | 36,00% Space Free | Partition Type: NTFS
Drive D: | 122,87 Gb Total Space | 53,07 Gb Free Space | 43,20% Space Free | Partition Type: NTFS
Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Jason\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIBA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
PRC - C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AxInterop.ShockwaveFlashObjects.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\Program Files\ASUS\LivCam\SMIUtility.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
========== Driver Services (SafeList) ==========
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3225826
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{2812B9D7-44F1-496F-B504-4AC54C66F43B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{D5610E61-A61F-4151-B939-B20E5744547A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2011/12/01 09:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2012/09/03 22:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/31 09:02:25 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/09/03 22:41:22 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
========== Chrome ==========
CHR - homepage: http://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Zotero Connector = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciblakmllnhbhjjgkbkeihelcndmgnh\3.0.8.1_0\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIIBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCB96184-E700-4D7A-A71C-E0FC5352A65B}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f1f5d3d-e9da-11e0-a5e8-1c4bd60749e6}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1f5d3d-e9da-11e0-a5e8-1c4bd60749e6}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/18 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/18 13:36:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/15 15:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/15 15:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/15 15:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/13 10:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/13 10:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/13 01:25:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys
[2012/09/13 01:24:47 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/09/13 01:24:46 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/09/13 01:20:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2012/09/12 21:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/12 20:38:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2012/09/12 20:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/12 20:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/12 20:37:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/12 20:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/11 21:57:05 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/09/11 21:54:57 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/09/08 23:05:41 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/09/05 19:21:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\BestBuy.com - Thank You_files
[2012/09/05 08:04:56 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/09/05 08:04:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/05 08:04:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/05 08:04:28 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/09/05 07:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/05 07:27:00 | 000,044,784 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/09/04 11:30:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My EndNote Library.Data
[2012/09/04 11:25:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\EndNote
[2012/09/04 11:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2012/09/04 11:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2012/09/04 11:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2012/09/04 11:24:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2012/09/04 11:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote X6
[2012/09/04 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2012/09/04 11:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/09/03 22:54:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\Rebirth
[2012/09/03 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\In Rainbows
[2012/09/03 22:52:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Radiohead OK Computer
[2012/08/28 08:50:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Leader Technologies
[2012/08/27 19:07:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Epson
[2012/08/27 18:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/08/27 18:45:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2012/08/27 18:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\LTCM Client
[2012/08/27 18:34:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2012/08/27 18:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/08/27 18:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012/08/27 18:26:25 | 000,095,232 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FLBIBA.DLL
[2012/08/27 18:26:16 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FD4BIBA.DLL
[2012/08/27 18:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/08/27 18:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/08/27 18:24:35 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\windows\System32\esw2ud.dll
[2012/08/27 18:24:35 | 000,122,000 | ---- | C] (Seiko Epson Corporation) -- C:\windows\System32\escsvc.exe
[2012/08/27 18:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/08/22 12:56:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/22 12:56:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/22 12:56:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/08/22 12:56:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/22 12:56:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/08/22 12:56:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/22 12:56:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
========== Files - Modified Within 30 Days ==========
[2012/09/18 19:48:03 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-614520664-3713187643-2091120717-1001UA.job
[2012/09/18 19:38:05 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/18 19:37:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/18 19:36:39 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 19:36:39 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 19:27:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/18 19:27:37 | 1602,691,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/18 19:14:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/18 12:56:22 | 028,434,336 | ---- | M] () -- C:\Users\Jason\Desktop\dn2012-0918-1.mp3
[2012/09/18 11:05:01 | 000,002,693 | ---- | M] () -- C:\Users\Jason\Desktop\Microsoft Office Word 2007.lnk
[2012/09/18 10:58:21 | 000,003,972 | ---- | M] () -- C:\Users\Jason\Desktop\Attach.zip
[2012/09/18 10:57:01 | 000,003,913 | ---- | M] () -- C:\Users\Jason\Desktop\Attach.rar
[2012/09/17 23:48:02 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-614520664-3713187643-2091120717-1001Core.job
[2012/09/15 15:20:04 | 000,001,240 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/14 22:09:47 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/14 22:09:47 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/13 12:14:00 | 000,000,512 | ---- | M] () -- C:\Users\Jason\Desktop\MBR.dat
[2012/09/13 01:07:16 | 000,375,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/11 22:18:45 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
[2012/09/08 23:05:41 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/09/08 23:05:41 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/06 11:10:46 | 000,523,467 | ---- | M] () -- C:\Users\Jason\Desktop\contract Aberdeen.pdf
[2012/09/05 19:21:47 | 000,115,652 | ---- | M] () -- C:\Users\Jason\Desktop\BestBuy.com - Thank You.htm
[2012/09/05 08:04:07 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/09/05 08:04:00 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/09/05 08:04:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/05 08:03:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/05 08:03:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/09/05 08:03:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2012/09/05 07:26:59 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/09/04 19:57:46 | 000,014,022 | ---- | M] () -- C:\Users\Jason\Documents\My EndNote Library.enl
[2012/09/03 22:40:23 | 000,000,258 | RHS- | M] () -- C:\Users\Jason\ntuser.pol
[2012/08/30 21:53:28 | 001,326,656 | ---- | M] () -- C:\Users\Jason\Desktop\PreSchoolbooklet201213corrected16.01.12.pdf
[2012/08/27 18:45:44 | 000,000,079 | ---- | M] () -- C:\windows\XP400.ini
[2012/08/27 18:41:08 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\EPSON XP-400 User's Guide.lnk
[2012/08/27 18:24:37 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/08/26 00:16:57 | 000,003,142 | ---- | M] () -- C:\Users\Jason\Desktop\linear-dbgs.gif
[2012/08/24 04:17:07 | 000,411,781 | ---- | M] () -- C:\Users\Jason\Desktop\academic_calendar.pdf
[2012/08/22 13:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/08/22 13:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/08/21 05:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/08/20 12:59:41 | 000,107,433 | ---- | M] () -- C:\Users\Jason\Desktop\Payment Receipt - PayPal.pdf
========== Files Created - No Company Name ==========
[2012/09/18 12:56:27 | 028,434,336 | ---- | C] () -- C:\Users\Jason\Desktop\dn2012-0918-1.mp3
[2012/09/18 11:05:01 | 000,002,693 | ---- | C] () -- C:\Users\Jason\Desktop\Microsoft Office Word 2007.lnk
[2012/09/18 10:58:21 | 000,003,972 | ---- | C] () -- C:\Users\Jason\Desktop\Attach.zip
[2012/09/18 10:57:01 | 000,003,913 | ---- | C] () -- C:\Users\Jason\Desktop\Attach.rar
[2012/09/15 15:20:04 | 000,001,240 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/12 21:46:51 | 000,000,512 | ---- | C] () -- C:\Users\Jason\Desktop\MBR.dat
[2012/09/08 23:05:46 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 11:10:46 | 000,523,467 | ---- | C] () -- C:\Users\Jason\Desktop\contract Aberdeen.pdf
[2012/09/05 19:21:47 | 000,115,652 | ---- | C] () -- C:\Users\Jason\Desktop\BestBuy.com - Thank You.htm
[2012/09/04 11:30:39 | 000,014,022 | ---- | C] () -- C:\Users\Jason\Documents\My EndNote Library.enl
[2012/09/03 22:40:23 | 000,000,258 | RHS- | C] () -- C:\Users\Jason\ntuser.pol
[2012/08/30 21:53:42 | 001,326,656 | ---- | C] () -- C:\Users\Jason\Desktop\PreSchoolbooklet201213corrected16.01.12.pdf
[2012/08/27 18:41:15 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2012/08/27 18:41:08 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\EPSON XP-400 User's Guide.lnk
[2012/08/27 18:24:37 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/08/26 17:53:33 | 000,000,079 | ---- | C] () -- C:\windows\XP400.ini
[2012/08/26 00:17:12 | 000,003,142 | ---- | C] () -- C:\Users\Jason\Desktop\linear-dbgs.gif
[2012/08/24 04:17:26 | 000,411,781 | ---- | C] () -- C:\Users\Jason\Desktop\academic_calendar.pdf
[2012/08/20 12:59:40 | 000,107,433 | ---- | C] () -- C:\Users\Jason\Desktop\Payment Receipt - PayPal.pdf
[2012/05/11 23:05:06 | 000,000,532 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
[2012/04/04 07:25:56 | 000,107,008 | ---- | C] () -- C:\windows\System32\PDFENC32.DLL
[2012/01/19 03:22:01 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/09 14:12:28 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2011/11/06 16:53:07 | 000,020,992 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 16:17:38 | 000,000,266 | ---- | C] () -- C:\windows\lgfwup.ini
[2011/09/28 10:28:37 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2009/12/21 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2009/12/21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\E-Cam
[2009/12/21 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2009/12/21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\E-Cam
[2012/08/24 04:13:26 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ASUS WebStorage
[2009/12/21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\E-Cam
[2012/09/04 19:57:47 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\EndNote
[2012/08/27 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Epson
[2011/11/11 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2012/08/28 08:50:47 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leader Technologies
[2012/08/27 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2011/10/12 10:07:07 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Scendix Software
[2012/05/11 23:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Template
[2012/05/08 09:37:17 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Zotero
[2012/07/04 08:16:10 | 000,032,534 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Hey, how are ya doing,
Let's disable a few things and then try the same OTL fix again.
Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer. <-- You need to do this for it to take effect
Then disable Avast
Right-click on the avast! icon in the system tray. Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently. Try until the computer is restarted.
Your version may be a bit different
jasonburnaby
2012-09-19, 04:53
I'm doing good, how are you? I appreciate all the help.
I disabled the Tea Timer and Avast, but the same thing happened when I tried to run the fix.
I should have mentioned this earlier but Windows explorer has a tendency to shut down recently- I get a message saying "Windows Explorer has stopped working". It doesn't even bother me because I can keep other windows open.
Another strange thing that happens is every time I open Word a window opens for a supposed measurement converter program and says "Met.conv has failed, see log for more information"
Also I hardly ever open Internet Explorer but when I do it takes a long time to start up and sometimes stops responding too.
I don't know if any of that can give you a clue as to what is happening. Maybe I should have mentioned these quirks at the beginning, but since none of them really bother me I don't remember them.
Thanks,
Jason
Jason,
Read this about explorer
http://support.microsoft.com/kb/2694911
Try the fix this way
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done and post the log it created after the fix
jasonburnaby
2012-09-19, 16:08
This time it worked! Should I run another scan?
Thanks for the link about Explorer- I'll look into the solutions it offers.
Here's the OTL fix log:
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason\Downloads\cmd.bat deleted successfully.
C:\Users\Jason\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 121064 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes
Now run a new fix like this, then post the fix log and then run a new scan and post the new log please
:processes
killallprocesses
:OTL
Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT3225826
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{2812B9D7-44F1-496F-B504-4AC54C66F43B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
[2012/05/31 09:02:25 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/09/03 22:41:22 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
CHR - homepage: http://search.conduit.com/?ctid=CT32...earchSource=48
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
jasonburnaby
2012-09-19, 16:54
It got stuck again, trying to process this line:
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet
OK, run a new scan and let's see where we're at.
jasonburnaby
2012-09-19, 20:53
Okay, here's the log. The second one didn't come up again and I can't find it in the C folder. Let me know if you need it, I guess I could try running another scan to see if it comes up. I just noticed there's an "Extra registry" section that's marked "none". Would that have anything to do with the second log?
OTL logfile created on: 9/19/2012 12:39:31 PM - Run 3
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Jason\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,99 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,71% Memory free
3,98 Gb Paging File | 2,96 Gb Available in Paging File | 74,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 38,25 Gb Free Space | 38,25% Space Free | Partition Type: NTFS
Drive D: | 122,87 Gb Total Space | 53,07 Gb Free Space | 43,20% Space Free | Partition Type: NTFS
Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Jason\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIBA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
PRC - C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AxInterop.ShockwaveFlashObjects.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\Program Files\ASUS\LivCam\SMIUtility.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
========== Driver Services (SafeList) ==========
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3225826
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{2812B9D7-44F1-496F-B504-4AC54C66F43B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\SearchScopes\{D5610E61-A61F-4151-B939-B20E5744547A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2011/12/01 09:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2012/09/03 22:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/31 09:02:25 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/09/03 22:41:22 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
========== Chrome ==========
CHR - homepage: http://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jason\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Zotero Connector = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciblakmllnhbhjjgkbkeihelcndmgnh\3.0.8.1_0\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/09/19 08:53:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIIBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-614520664-3713187643-2091120717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCB96184-E700-4D7A-A71C-E0FC5352A65B}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4A7E58-6C5C-45AD-8DB5-60F6C2CD1BF5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f1f5d3d-e9da-11e0-a5e8-1c4bd60749e6}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1f5d3d-e9da-11e0-a5e8-1c4bd60749e6}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/18 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/18 13:36:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/15 15:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/15 15:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/15 15:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/13 10:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/13 10:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/13 01:25:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys
[2012/09/13 01:24:47 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/09/13 01:24:46 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/09/13 01:20:23 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2012/09/12 21:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/12 20:38:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2012/09/12 20:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/12 20:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/12 20:37:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/12 20:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/11 21:57:05 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/09/11 21:54:57 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/09/08 23:05:41 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/09/05 19:21:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\BestBuy.com - Thank You_files
[2012/09/05 08:04:56 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/09/05 08:04:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/05 08:04:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/05 08:04:28 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/09/05 07:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/05 07:27:00 | 000,044,784 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/09/04 11:30:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My EndNote Library.Data
[2012/09/04 11:25:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\EndNote
[2012/09/04 11:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2012/09/04 11:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2012/09/04 11:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2012/09/04 11:24:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2012/09/04 11:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote X6
[2012/09/04 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2012/09/04 11:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/09/03 22:54:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\Rebirth
[2012/09/03 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\In Rainbows
[2012/09/03 22:52:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Radiohead OK Computer
[2012/08/28 08:50:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Leader Technologies
[2012/08/27 19:07:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Epson
[2012/08/27 18:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/08/27 18:45:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2012/08/27 18:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\LTCM Client
[2012/08/27 18:34:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2012/08/27 18:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/08/27 18:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012/08/27 18:26:25 | 000,095,232 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FLBIBA.DLL
[2012/08/27 18:26:16 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FD4BIBA.DLL
[2012/08/27 18:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/08/27 18:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/08/27 18:24:35 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\windows\System32\esw2ud.dll
[2012/08/27 18:24:35 | 000,122,000 | ---- | C] (Seiko Epson Corporation) -- C:\windows\System32\escsvc.exe
[2012/08/27 18:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/08/22 12:56:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/22 12:56:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/22 12:56:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/08/22 12:56:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/22 12:56:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/08/22 12:56:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/22 12:56:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
========== Files - Modified Within 30 Days ==========
[2012/09/19 13:03:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/19 12:48:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-614520664-3713187643-2091120717-1001UA.job
[2012/09/19 12:38:42 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 12:38:42 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/19 09:51:33 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/19 09:07:16 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 09:07:16 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 08:58:24 | 1602,691,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 08:53:06 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/09/18 12:56:22 | 028,434,336 | ---- | M] () -- C:\Users\Jason\Desktop\dn2012-0918-1.mp3
[2012/09/18 11:05:01 | 000,002,693 | ---- | M] () -- C:\Users\Jason\Desktop\Microsoft Office Word 2007.lnk
[2012/09/18 10:58:21 | 000,003,972 | ---- | M] () -- C:\Users\Jason\Desktop\Attach.zip
[2012/09/18 10:57:01 | 000,003,913 | ---- | M] () -- C:\Users\Jason\Desktop\Attach.rar
[2012/09/17 23:48:02 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-614520664-3713187643-2091120717-1001Core.job
[2012/09/15 15:20:04 | 000,001,240 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/14 22:09:47 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/14 22:09:47 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/13 12:14:00 | 000,000,512 | ---- | M] () -- C:\Users\Jason\Desktop\MBR.dat
[2012/09/13 01:07:16 | 000,375,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/11 22:18:45 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
[2012/09/08 23:05:41 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/09/08 23:05:41 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/06 11:10:46 | 000,523,467 | ---- | M] () -- C:\Users\Jason\Desktop\contract Aberdeen.pdf
[2012/09/05 19:21:47 | 000,115,652 | ---- | M] () -- C:\Users\Jason\Desktop\BestBuy.com - Thank You.htm
[2012/09/05 08:04:07 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/09/05 08:04:00 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/09/05 08:04:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/05 08:03:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/05 08:03:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/09/05 08:03:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2012/09/05 07:26:59 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/09/04 19:57:46 | 000,014,022 | ---- | M] () -- C:\Users\Jason\Documents\My EndNote Library.enl
[2012/09/03 22:40:23 | 000,000,258 | RHS- | M] () -- C:\Users\Jason\ntuser.pol
[2012/08/30 21:53:28 | 001,326,656 | ---- | M] () -- C:\Users\Jason\Desktop\PreSchoolbooklet201213corrected16.01.12.pdf
[2012/08/27 18:45:44 | 000,000,079 | ---- | M] () -- C:\windows\XP400.ini
[2012/08/27 18:41:08 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\EPSON XP-400 User's Guide.lnk
[2012/08/27 18:24:37 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/08/26 00:16:57 | 000,003,142 | ---- | M] () -- C:\Users\Jason\Desktop\linear-dbgs.gif
[2012/08/24 04:17:07 | 000,411,781 | ---- | M] () -- C:\Users\Jason\Desktop\academic_calendar.pdf
[2012/08/22 13:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/08/22 13:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/08/21 05:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
========== Files Created - No Company Name ==========
[2012/09/18 12:56:27 | 028,434,336 | ---- | C] () -- C:\Users\Jason\Desktop\dn2012-0918-1.mp3
[2012/09/18 11:05:01 | 000,002,693 | ---- | C] () -- C:\Users\Jason\Desktop\Microsoft Office Word 2007.lnk
[2012/09/18 10:58:21 | 000,003,972 | ---- | C] () -- C:\Users\Jason\Desktop\Attach.zip
[2012/09/18 10:57:01 | 000,003,913 | ---- | C] () -- C:\Users\Jason\Desktop\Attach.rar
[2012/09/15 15:20:04 | 000,001,240 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/12 21:46:51 | 000,000,512 | ---- | C] () -- C:\Users\Jason\Desktop\MBR.dat
[2012/09/08 23:05:46 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 11:10:46 | 000,523,467 | ---- | C] () -- C:\Users\Jason\Desktop\contract Aberdeen.pdf
[2012/09/05 19:21:47 | 000,115,652 | ---- | C] () -- C:\Users\Jason\Desktop\BestBuy.com - Thank You.htm
[2012/09/04 11:30:39 | 000,014,022 | ---- | C] () -- C:\Users\Jason\Documents\My EndNote Library.enl
[2012/09/03 22:40:23 | 000,000,258 | RHS- | C] () -- C:\Users\Jason\ntuser.pol
[2012/08/30 21:53:42 | 001,326,656 | ---- | C] () -- C:\Users\Jason\Desktop\PreSchoolbooklet201213corrected16.01.12.pdf
[2012/08/27 18:41:15 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2012/08/27 18:41:08 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\EPSON XP-400 User's Guide.lnk
[2012/08/27 18:24:37 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/08/26 17:53:33 | 000,000,079 | ---- | C] () -- C:\windows\XP400.ini
[2012/08/26 00:17:12 | 000,003,142 | ---- | C] () -- C:\Users\Jason\Desktop\linear-dbgs.gif
[2012/08/24 04:17:26 | 000,411,781 | ---- | C] () -- C:\Users\Jason\Desktop\academic_calendar.pdf
[2012/08/20 12:59:40 | 000,107,433 | ---- | C] () -- C:\Users\Jason\Desktop\Payment Receipt - PayPal.pdf
[2012/05/11 23:05:06 | 000,000,532 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
[2012/04/04 07:25:56 | 000,107,008 | ---- | C] () -- C:\windows\System32\PDFENC32.DLL
[2012/01/19 03:22:01 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/09 14:12:28 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2011/11/06 16:53:07 | 000,020,992 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 16:17:38 | 000,000,266 | ---- | C] () -- C:\windows\lgfwup.ini
[2011/09/28 10:28:37 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2009/12/21 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2009/12/21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\E-Cam
[2009/12/21 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2009/12/21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\E-Cam
[2012/08/24 04:13:26 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ASUS WebStorage
[2009/12/21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\E-Cam
[2012/09/04 19:57:47 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\EndNote
[2012/08/27 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Epson
[2011/11/11 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2012/08/28 08:50:47 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leader Technologies
[2012/08/27 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2011/10/12 10:07:07 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Scendix Software
[2012/05/11 23:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Template
[2012/05/08 09:37:17 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Zotero
[2012/07/04 08:16:10 | 000,032,534 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Hi, most of what I was trying to remove was from BitTorrent; we can deal with that a bit later.
I just want to mention that HitMan Pro is a legit program but we have seen some instances of it doing some damage to some systems, so your call to keep it or not.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
jasonburnaby
2012-09-20, 02:30
Okay, here it is:
ComboFix 12-09-18.07 - Jason 09/19/2012 18:40:19.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.926 [GMT -4:00]
Running from: c:\users\Jason\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jason\Documents\metconv.log
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-19 23:07 . 2012-09-19 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 22:44 . 2012-09-19 22:44 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6764C21-C126-461F-B085-8B7C56CE6767}\offreg.dll
2012-09-18 18:31 . 2012-09-18 18:31 -------- d-----w- c:\program files\ESET
2012-09-18 17:36 . 2012-09-18 17:36 -------- d-----w- C:\_OTL
2012-09-18 13:34 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6764C21-C126-461F-B085-8B7C56CE6767}\mpengine.dll
2012-09-15 19:19 . 2012-09-16 11:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-15 19:19 . 2012-09-15 19:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-13 14:56 . 2012-09-13 15:02 -------- d-----w- c:\program files\ERUNT
2012-09-13 05:25 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 05:25 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 05:24 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-13 05:24 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-13 05:24 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 05:20 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 01:12 . 2012-09-13 01:12 -------- d-----w- c:\programdata\HitmanPro
2012-09-13 00:38 . 2012-09-13 00:38 -------- d-----w- c:\users\Jason\AppData\Roaming\Malwarebytes
2012-09-13 00:37 . 2012-09-13 00:37 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 00:37 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 00:37 . 2012-09-13 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-12 01:57 . 2012-09-12 01:57 -------- d-----w- c:\windows\system32\SPReview
2012-09-12 01:54 . 2012-09-12 01:55 -------- d-----w- c:\windows\system32\EventProviders
2012-09-09 03:05 . 2012-09-09 03:05 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 12:04 . 2012-09-05 12:04 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 11:54 . 2012-09-05 11:54 -------- d-----w- c:\programdata\McAfee
2012-09-05 11:27 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-04 15:25 . 2012-09-04 23:57 -------- d-----w- c:\users\Jason\AppData\Roaming\EndNote
2012-09-04 15:25 . 2012-09-04 15:25 -------- d-----w- c:\program files\Common Files\Risxtd
2012-09-04 15:24 . 2012-09-04 15:24 -------- d-----w- c:\program files\Common Files\ResearchSoft
2012-09-04 15:22 . 2012-09-04 15:24 -------- d-----w- c:\program files\EndNote X6
2012-09-04 15:21 . 2012-09-04 15:25 -------- d-----w- c:\programdata\Thomson.ResearchSoft.Installers
2012-09-04 15:13 . 2012-09-04 15:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-09-04 02:54 . 2012-09-04 02:55 -------- d-----w- c:\users\Jason\Rebirth
2012-09-04 02:53 . 2012-09-04 02:54 -------- d-----w- c:\users\Jason\In Rainbows
2012-09-04 02:52 . 2012-09-04 02:53 -------- d-----w- c:\users\Jason\Radiohead OK Computer
2012-08-28 12:50 . 2012-08-28 12:50 -------- d-----w- c:\users\Jason\AppData\Roaming\Leader Technologies
2012-08-27 23:07 . 2012-08-27 23:11 -------- d-----w- c:\users\Jason\AppData\Roaming\Epson
2012-08-27 22:50 . 2012-08-27 22:50 -------- d-----w- c:\program files\Common Files\EPSON
2012-08-27 22:45 . 2012-08-27 22:45 -------- d-----w- c:\users\Jason\AppData\Roaming\Leadertech
2012-08-27 22:41 . 2012-08-27 22:41 -------- d-----w- c:\program files\LTCM Client
2012-08-27 22:31 . 2012-08-27 22:34 -------- d-----w- c:\program files\Epson Software
2012-08-27 22:26 . 2011-04-18 14:03 95232 ----a-w- c:\windows\system32\E_FLBIBA.DLL
2012-08-27 22:26 . 2011-03-13 14:03 81408 ----a-w- c:\windows\system32\E_FD4BIBA.DLL
2012-08-27 22:25 . 2012-08-29 00:52 -------- d-----w- c:\programdata\EPSON
2012-08-27 22:24 . 2011-12-12 04:00 342016 ----a-w- c:\windows\system32\esw2ud.dll
2012-08-27 22:24 . 2011-12-12 04:00 122000 ----a-w- c:\windows\system32\escsvc.exe
2012-08-27 22:23 . 2012-08-27 22:41 -------- d-----w- c:\program files\epson
2012-08-22 16:59 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 02:18 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-09-09 03:05 . 2011-10-06 13:26 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 12:03 . 2012-06-19 14:03 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 12:03 . 2012-06-19 14:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2011-09-29 11:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-09-29 11:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-09-29 11:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-09-29 11:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-09-29 11:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-09-29 11:11 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-09-29 11:11 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-18 17:47 . 2012-08-16 12:25 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-16 12:25 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-16 12:25 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIIBA.EXE" [2011-11-01 246368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyMon"="AsusSender.exe" [2011-07-13 34728]
"HotkeyService"="AsusSender.exe" [2011-07-13 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-07-13 34728]
"EeeStorageBackup"="c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-09-25 402608]
"LiveUpdate"="AsusSender.exe" [2011-07-13 34728]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-01 354840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2011-10-10 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-11-27 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 17:43 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 03:05]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 11:13]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 11:13]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614520664-3713187643-2091120717-1001Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 04:20]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614520664-3713187643-2091120717-1001UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 04:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225826
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-19 19:17:16
ComboFix-quarantined-files.txt 2012-09-19 23:17
.
Pre-Run: 40.904.757.248 bytes free
Post-Run: 40.583.073.792 bytes free
.
- - End Of File - - E717043FD9951B59A669358DACB4A98D
:bigthumb:
How is your computer behaving now?
jasonburnaby
2012-09-20, 03:12
Alright!
The computer is behaving very well. Like I say there weren't any major problems before but it's definitely speedier now.
I have an external hard drive and a couple thumb drives that were plugged in before I realized I had a virus. Is there anything I can do to make sure they don't reinfect me? (besides not using them)
Thanks a lot!
jasonburnaby
2012-09-20, 03:22
Actually it's a lot speedier than before! I think I'd gotten used to it being a little sluggish.
Let's check your external drives.
Please download Flash_Disinfector.exe (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) by sUBs and save it to your desktop:
Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
Please restart your computer.
jasonburnaby
2012-09-20, 03:53
I've tried to install it several times but nothing happens. My computer asks me if I allow it to make changes, I say yes and then... nothing. It's not on my program list and I've looked in the Task Manager and it's not running.
You can try plugging the drive in and then run the Full Scan with Malwarebytes, being sure to check the drive letter for your device.
jasonburnaby
2012-09-20, 17:24
Okay, I ran that and it found no threats - log pasted below.
Is my system clean now or is there anything else I should do?
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.20.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jason :: JASON-PC [administrator]
9/20/2012 9:59:50 AM
mbam-log-2012-09-20 (09-59-50).txt
Scan type: Full scan (E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210229
Time elapsed: 18 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Looks like you're good to go, unless you want to search for leftover entries for BitTorrent. If so, do this:
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
BitTorrentControl_v12 Toolbar
BitTorrent
:folderfind
BitTorrentControl_v12 Toolbar
BitTorrent
:Regfind
BitTorrentControl_v12 Toolbar
BitTorrent
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
jasonburnaby
2012-09-20, 21:07
Alright, here's the log.
SystemLook 30.07.11 by jpshortstuff
Log created at 13:36 on 20/09/2012 by Jason
Administrator - Elevation successful
========== filefind ==========
Searching for "BitTorrentControl_v12 Toolbar"
No files found.
Searching for "BitTorrent"
No files found.
========== folderfind ==========
Searching for "BitTorrentControl_v12 Toolbar"
No folders found.
Searching for "BitTorrent"
C:\Users\Jason\AppData\Local\BitTorrent d------ [12:06 29/09/2011]
========== Regfind ==========
Searching for "BitTorrentControl_v12 Toolbar"
No data found.
Searching for "BitTorrent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2812B9D7-44F1-496F-B504-4AC54C66F43B}]
"DisplayName"="BitTorrentControl_v12 Customized Web Search"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"a"="BitTorrent.exe"
[HKEY_CURRENT_USER\Software\Classes\.btapp]
@="BitTorrent"
[HKEY_CURRENT_USER\Software\Classes\.btapp]
"Content Type"="application/x-bittorrent-app"
[HKEY_CURRENT_USER\Software\Classes\.btapp\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe",0"
[HKEY_CURRENT_USER\Software\Classes\.btapp\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\.btinstall]
@="BitTorrent"
[HKEY_CURRENT_USER\Software\Classes\.btinstall]
"Content Type"="application/x-bittorrent-appinst"
[HKEY_CURRENT_USER\Software\Classes\.btinstall\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe",0"
[HKEY_CURRENT_USER\Software\Classes\.btinstall\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\.btskin]
@="BitTorrent"
[HKEY_CURRENT_USER\Software\Classes\.btskin]
"Content Type"="application/x-bittorrent-skin"
[HKEY_CURRENT_USER\Software\Classes\.btskin\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe",0"
[HKEY_CURRENT_USER\Software\Classes\.btskin\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\Applications\BitTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\BitTorrent.exe\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "/DNA""
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]
"AppPath"="C:\Program Files\BitTorrent\BitTorrent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BitTorrent-7_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BitTorrent-7_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BitTorrent3_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BitTorrent3_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2812B9D7-44F1-496F-B504-4AC54C66F43B}]
"DisplayName"="BitTorrentControl_v12 Customized Web Search"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"a"="BitTorrent.exe"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btapp]
@="BitTorrent"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btapp]
"Content Type"="application/x-bittorrent-app"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btapp\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe",0"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btapp\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btinstall]
@="BitTorrent"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btinstall]
"Content Type"="application/x-bittorrent-appinst"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btinstall\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe",0"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btinstall\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btskin]
@="BitTorrent"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btskin]
"Content Type"="application/x-bittorrent-skin"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btskin\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe",0"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\.btskin\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\Applications\BitTorrent.exe]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\Applications\BitTorrent.exe\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btapp]
@="BitTorrent"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btapp]
"Content Type"="application/x-bittorrent-app"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btapp\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe",0"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btapp\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btinstall]
@="BitTorrent"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btinstall]
"Content Type"="application/x-bittorrent-appinst"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btinstall\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe",0"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btinstall\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btskin]
@="BitTorrent"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btskin]
"Content Type"="application/x-bittorrent-skin"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btskin\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe",0"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\.btskin\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\Applications\BitTorrent.exe]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\Applications\BitTorrent.exe\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\btdna\DefaultIcon]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\btdna\shell\open\command]
@=""C:\Program Files\BitTorrent\BitTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_USERS\S-1-5-21-614520664-3713187643-2091120717-1001_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
-= EOF =-
This is totally up to you to try, but back up your registry first.
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe
You can delete these:
C:\Users\Jason\AppData\Local\BitTorrent
C:\Program Files\BitTorrent
Then go to Start > Run and type in Regedit.
When it opens, follow the paths, clicking on each one to open:
HKEY_CURRENT_USER ... then Software ... and right-click on BitTorrent and delete it
Then do the same here:
HKEY_LOCAL_MACHINE then SOFTWARE and again right-click on BitTorrent and delete it
Reboot your system and let me know how it went
jasonburnaby
2012-09-21, 04:53
I tried to back up the registry but it gave me errors creating an inf file and 4-5 folders, saying access is denied.
OK, I don't like fooling with the registry without a backup.
Try uninstalling BitTorrent with this program:
http://www.revouninstaller.com/revo_uninstaller_free_download.html
jasonburnaby
2012-09-21, 16:09
For anything that doesn't work, you always have more tricks up your sleeve.
But I downloaded Revo and BitTorrent doesn't appear on the list of programs.
From what I understand, we're trying to get rid of some stubborn remnants of BitTorrent here? Do they affect the functioning of the computer?
I won't have access to my computer for a couple days, but if there are more steps I'd be happy to take them when I'm back online. It's up to you - I appreciate all your help but I imagine you have a lot of other people to help. Either way I'm eternally grateful. You people are heroes.
You can delete those two folders. The reg entries are more clutter than anything, but you have Spybot Search and Destroy installed; you can run a scan with the reg cleaner searching for uninstalled programs, and when it finds the ones for BitTorrent, have it remove them.
See you back here in a few days. Let me know of any other problems.