Can't connect to internet on a laptop that had win32.2urface.bho and win32.downloader



eddiemac1
2013-07-28, 00:35
Hi,

I am having issues with a laptop that was infected by

win32.2urface.bho and
win32.downloader.gen

The laptop belongs to a friend of mine and she was having issues connecting to the internet. I said I would help her out, thinking it was going to be something simple, but unfortunately it was not.

So the history of what I have tried is:

Initially, before I thought it was infected, I noticed some of the drivers were missing on the PC, so I attempted a system restore; however, the laptop refused to allow me to pick a restore point. This is when I realised that it was probably infected.


I downloaded Spybot and Malwarebytes and ran them both.

Spybot picked up on several toolbars and the two viruses/hijackers:

win32.2urface.bho
win32.downloader.gen


It appeared to clear them.

I then ran Malwarebytes and it found some more things it didn't like and again said it had cleared them.

Thinking I was being safe, I then ran AdwCleaner on the laptop.

Now whenever any of the 3 above products are run, they do not return any issues in the results logs.

However, I am still seeing issues with the drivers in the system manager and I am unable to update the drivers.

The laptop will also not connect to the internet or allow me to create a new connection.

So I have obviously missed something or messed up along the way, and I am looking for assistance in getting rid of the infection.

The dds.txt log is here:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576
Run by Tara at 22:52:06 on 2013-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3033.2186 [GMT 1:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\windows\system32\SAsrv.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\System32\WUDFHost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\USB Camera2\VM332_STI.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\windows\system32\DllHost.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
F:\TotalLock.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /c
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [332BigDog] c:\program files\usb camera2\VM332_STI.EXE
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [IntelWirelessWiMAX] "c:\program files\intel\wimax\bin\WiMAXCU.exe" /tasktray /nosplash
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
dRunOnce: [WLStart] "c:\program files\windows live\installer\wlstart.exe" /nosearch /nohomepage
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: Interfaces\{747F5790-83FD-492F-AFCB-80B6D0FD4166} : DHCPNameServer = 109.249.185.224 109.249.188.32
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2010-8-24 54800]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\bin\DMAgent.exe [2009-7-30 348160]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2013-7-16 445496]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-7-22 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2013-7-24 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2013-7-24 48192]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\bin\AppSrv.exe [2009-7-30 815104]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2013-7-24 21520]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-7-30 56320]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 vm332avs;Lenovo Camera2;c:\windows\system32\drivers\vm332avs.sys [2010-8-24 198000]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2010-8-24 11792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IGRS;IGRS; [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2010-8-24 63240]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-24 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2010-8-24 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2010-8-24 579400]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-24 171520]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-7-18 1817560]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-7-18 1033688]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-7-18 171928]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service; [x]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2013-07-25 23:00:47 -------- d-----w- C:\SWTOOLS
2013-07-25 23:00:21 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-25 22:30:08 2506232 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2013-07-25 22:30:07 -------- d-----w- c:\program files\Broadcom Wireless
2013-07-24 22:58:31 48192 ----a-w- c:\windows\system32\drivers\tvtumon.sys
2013-07-24 22:57:48 21520 ----a-w- c:\windows\system32\drivers\AcpiVpc.sys
2013-07-24 22:31:11 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-24 22:24:00 -------- d-----w- C:\ComboFix
2013-07-24 22:05:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-24 21:27:03 98816 ----a-w- c:\windows\sed.exe
2013-07-24 21:27:03 256000 ----a-w- c:\windows\PEV.exe
2013-07-24 21:27:03 208896 ----a-w- c:\windows\MBR.exe
2013-07-24 21:20:33 388096 ----a-r- c:\users\tara\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-07-24 21:20:33 -------- d-----w- c:\program files\Trend Micro
2013-07-22 20:08:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-07-18 19:28:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-07-18 19:28:15 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-07-18 19:28:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-07-18 17:46:41 -------- d-----w- c:\users\tara\appdata\roaming\Malwarebytes
2013-07-18 17:46:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-18 17:46:30 -------- d-----w- c:\programdata\Malwarebytes
2013-07-18 17:46:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-18 17:46:19 -------- d-----w- c:\users\tara\appdata\local\Programs
2013-07-16 16:02:59 445496 ------w- c:\windows\system32\SASrv.exe
2013-07-16 15:44:12 -------- d-----w- c:\windows\pss
2013-07-16 15:23:34 -------- d-----w- c:\windows\system32\x64
2013-07-16 15:21:24 -------- d-----w- C:\Intel
2013-07-16 15:21:03 -------- d-----w- c:\windows\Downloaded Installations
2013-07-16 15:20:16 -------- d-----w- C:\Drivers
2013-07-12 09:52:37 -------- d-----w- c:\users\tara\appdata\local\{200C9E30-6278-47AD-8ECD-2685A28A5B5C}
2013-07-10 18:31:16 -------- d-----w- c:\users\tara\appdata\local\{C48F28CC-43DA-48FD-BE2A-78D8949A8611}
2013-07-10 18:27:56 -------- d-----w- c:\users\tara\appdata\local\{B8EC8E39-FBFF-44C7-A6F8-1934B23B2068}
2013-07-10 18:07:03 -------- d-----w- c:\users\tara\appdata\local\{A8D94A1B-74DF-4C0F-808E-38D31869D8FD}
2013-07-10 18:02:11 -------- d-----w- C:\inetpub
2013-07-10 17:39:31 -------- d-----w- c:\users\tara\appdata\local\{50A1C149-6357-43E7-B63A-1E1566BC797A}
2013-07-10 17:32:09 -------- d-----w- c:\users\tara\appdata\local\{6182722F-5D67-43A4-862F-39448616D069}
2013-07-06 17:13:56 -------- d-----w- c:\users\tara\appdata\local\{C28D5EC5-A184-4664-B369-5B152ABE5343}
2013-07-03 17:38:12 -------- d-----w- c:\users\tara\appdata\local\{D0C7C66E-CEFD-447E-902E-2E1D36D203E2}
2013-07-03 15:49:38 -------- d-----w- c:\users\tara\appdata\local\{169FE12A-DDE7-4884-9F7A-6E882FE1605D}
2013-06-29 17:07:15 -------- d-----w- c:\users\tara\appdata\local\{E92422B9-55A9-4DD5-B654-75967C7D85A5}
2013-06-28 17:01:38 -------- d-----w- c:\users\tara\appdata\local\{8B5C6F93-A383-4129-B791-E4C3C5D03E44}
2013-06-28 16:54:41 -------- d-----w- c:\users\tara\appdata\local\ElevatedDiagnostics
2013-06-28 16:36:11 -------- d-----w- c:\users\tara\appdata\local\{A1438B7D-A125-4E39-BFB4-51E2B1AEE7AC}
.
==================== Find3M ====================
.
2013-06-08 23:56:00 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-08 23:56:00 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-06-08 23:53:51 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-02 01:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:52:26.40 ===============

OCD
2013-07-29, 18:51
Hello eddiemac1,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

1. Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


=========================

2. OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Make sure all other windows are closed and let it run uninterrupted.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan, paste this in:

%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
BASESERVICES
DRIVES
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
You may need two posts to fit them both in.


=========================

In your next post please provide the following:


checkup.txt
OTL.txt
Extras.txt

eddiemac1
2013-07-29, 22:45
Firstly, thanks for helping me out.

Myself and Tara, whose laptop this is, appreciate it a lot.

OK, here are the logs.

The Security Check log is as follows:

Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.0.1 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

The OTL.txt log is as follows:

OTL logfile created on: 7/29/2013 9:22:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tara\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.96% Memory free
5.92 Gb Paging File | 5.13 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.89 Gb Total Space | 204.63 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 28.54 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
Drive F: | 26.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.75 Gb Total Space | 1.75 Gb Free Space | 99.91% Space Free | Partition Type: FAT

Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tara\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
PRC - C:\Windows\System32\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\b553402413fa7b799cf8f2351618916b\SmartAudio.ni.exe ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\ab7c0d1230766b1ecad8b66fce8a5df5\Interop.CxHDAudioAPILib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\System32\IcnOvrly.dll ()
MOD - C:\Windows\System32\SimpleExt.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll ()


========== Services (SafeList) ==========

SRV - (WatAdminSvc) -- File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe File not found
SRV - (IGRS) -- File not found
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SAService) -- C:\Windows\System32\SASrv.exe (Conexant Systems, Inc.)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV - (PS_MDP) -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)


========== Driver Services (SafeList) ==========

DRV - (X6XSEx_Pr143) -- C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys File not found
DRV - (WinRing0_1_2_0) -- File not found
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (EraserUtilDrv11120) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys File not found
DRV - (catchme) -- C:\Users\Tara\AppData\Local\Temp\catchme.sys File not found
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (vm332avs) -- C:\Windows\System32\drivers\vm332avs.sys (Vimicro Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (bpenum) -- C:\Windows\System32\drivers\bpenum.sys (Intel Corporation)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{64A2FB6F-B770-4489-9CE6-8E41D23235A1}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6AFFE39C-A4C3-4A28-AB80-59936B7E808A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A5B3D723-866E-47EE-9AA5-2A2C0847DEDB&apn_sauid=15809601-762E-45F4-BB2F-F3B4724A352C&
IE - HKCU\..\SearchScopes\{9F17F80A-966A-43F4-A6DC-68DA31A5E547}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/12 15:02:29 | 000,000,000 | ---D | M]

[2011/01/01 23:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Extensions
[2012/04/18 22:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/07/24 22:37:24 | 000,000,027 | ---- | M]) - C:\windows\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747F5790-83FD-492F-AFCB-80B6D0FD4166}: DhcpNameServer = 109.249.185.224 109.249.188.32
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/08/03 10:23:42 | 000,000,069 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
System Restore Service not available.

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/07/29 21:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
[2013/07/26 00:00:47 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[2013/07/26 00:00:21 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\System32\CSVer.dll
[2013/07/25 23:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013/07/25 23:35:47 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\New folder
[2013/07/25 23:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom Wireless
[2013/07/25 23:30:02 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\InstallShield
[2013/07/24 23:58:31 | 000,048,192 | ---- | C] (Lenovo) -- C:\windows\System32\drivers\tvtumon.sys
[2013/07/24 23:57:48 | 000,021,520 | ---- | C] (Lenovo Corporation) -- C:\windows\System32\drivers\AcpiVpc.sys
[2013/07/24 23:31:39 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/24 23:31:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/24 23:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/24 23:04:27 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\mbar-1.06.0.1004
[2013/07/24 22:27:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/24 22:27:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/24 22:27:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/24 22:25:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/24 22:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/07/24 22:20:33 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/22 21:31:44 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/07/22 21:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/07/22 21:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/07/22 21:30:18 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\post stuff
[2013/07/22 21:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/07/22 21:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/07/18 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\revouninstaller
[2013/07/18 21:03:26 | 021,691,552 | ---- | C] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
[2013/07/18 21:03:26 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
[2013/07/18 20:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/07/18 20:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/18 20:28:15 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
[2013/07/18 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/07/18 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Malwarebytes
[2013/07/18 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/18 18:46:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/07/18 18:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/18 18:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/18 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\Programs
[2013/07/18 18:46:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/16 17:02:59 | 000,445,496 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\SASrv.exe
[2013/07/16 16:44:12 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/07/16 16:23:34 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
[2013/07/16 16:21:24 | 000,000,000 | ---D | C] -- C:\Intel
[2013/07/16 16:21:03 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2013/07/16 16:20:16 | 000,000,000 | ---D | C] -- C:\Drivers
[2013/07/10 19:02:11 | 000,000,000 | ---D | C] -- C:\inetpub
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/29 21:19:08 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 21:19:08 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 21:13:49 | 000,629,318 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/29 21:13:49 | 000,111,212 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/29 21:12:01 | 000,000,066 | -HS- | M] () -- C:\_PartitionInfo
[2013/07/29 21:11:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/29 21:11:43 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/29 21:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
[2013/07/29 21:04:08 | 000,891,098 | ---- | M] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
[2013/07/28 22:59:47 | 000,000,378 | ---- | M] () -- C:\Users\Tara\Documents\Removable Disk (G) - Shortcut.lnk
[2013/07/27 22:57:16 | 000,000,512 | ---- | M] () -- C:\Users\Tara\Desktop\MBR.dat
[2013/07/25 23:39:31 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_bpenum_01007.Wdf
[2013/07/25 23:30:30 | 000,675,958 | ---- | M] () -- C:\windows\System32\oem7.inf
[2013/07/25 23:13:32 | 000,001,219 | ---- | M] () -- C:\Users\Tara\AppData\Local\Local - Shortcut.lnk
[2013/07/25 22:51:00 | 000,666,633 | ---- | M] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
[2013/07/24 22:54:04 | 013,399,154 | ---- | M] () -- C:\Users\Tara\Desktop\mbar-1.06.0.1004.zip
[2013/07/24 22:37:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/07/24 22:20:33 | 000,002,959 | ---- | M] () -- C:\Users\Tara\Desktop\HiJackThis.lnk
[2013/07/24 22:11:18 | 001,402,880 | ---- | M] () -- C:\Users\Tara\Desktop\HiJackThis.msi
[2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/22 21:31:18 | 000,000,898 | ---- | M] () -- C:\Users\Tara\Desktop\NTREGOPT.lnk
[2013/07/22 21:31:18 | 000,000,879 | ---- | M] () -- C:\Users\Tara\Desktop\ERUNT.lnk
[2013/07/22 21:13:54 | 007,123,312 | ---- | M] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe
[2013/07/22 21:08:16 | 000,001,244 | ---- | M] () -- C:\Users\Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/07/22 21:08:16 | 000,001,220 | ---- | M] () -- C:\Users\Tara\Desktop\Spybot - Search & Destroy.lnk
[2013/07/18 21:01:28 | 021,691,552 | ---- | M] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
[2013/07/18 20:53:52 | 000,014,896 | ---- | M] () -- C:\windows\System32\results.xml
[2013/07/18 20:42:12 | 003,007,700 | ---- | M] () -- C:\Users\Tara\Desktop\revouninstaller.zip
[2013/07/18 20:32:34 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
[2013/07/18 20:28:24 | 000,000,644 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/07/18 20:28:24 | 000,000,616 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/07/18 20:28:24 | 000,000,446 | ---- | M] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/07/18 20:28:18 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/18 18:46:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/18 18:36:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/16 15:40:03 | 000,000,557 | ---- | M] () -- C:\windows\System32\MyDefrag.debuglog
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/29 21:14:36 | 000,891,098 | ---- | C] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
[2013/07/28 22:59:47 | 000,000,378 | ---- | C] () -- C:\Users\Tara\Documents\Removable Disk (G) - Shortcut.lnk
[2013/07/27 22:57:16 | 000,000,512 | ---- | C] () -- C:\Users\Tara\Desktop\MBR.dat
[2013/07/25 23:39:31 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_bpenum_01007.Wdf
[2013/07/25 23:30:35 | 000,675,958 | ---- | C] () -- C:\windows\System32\oem7.inf
[2013/07/25 23:13:32 | 000,001,219 | ---- | C] () -- C:\Users\Tara\AppData\Local\Local - Shortcut.lnk
[2013/07/25 22:57:42 | 000,666,633 | ---- | C] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
[2013/07/24 23:59:23 | 000,000,066 | -HS- | C] () -- C:\_PartitionInfo
[2013/07/24 23:04:08 | 013,399,154 | ---- | C] () -- C:\Users\Tara\Desktop\mbar-1.06.0.1004.zip
[2013/07/24 22:27:03 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/24 22:27:03 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/24 22:27:03 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/24 22:27:03 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/24 22:27:03 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/24 22:20:33 | 000,002,959 | ---- | C] () -- C:\Users\Tara\Desktop\HiJackThis.lnk
[2013/07/24 22:19:54 | 001,402,880 | ---- | C] () -- C:\Users\Tara\Desktop\HiJackThis.msi
[2013/07/22 22:38:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/07/22 22:38:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/07/22 21:31:18 | 000,000,898 | ---- | C] () -- C:\Users\Tara\Desktop\NTREGOPT.lnk
[2013/07/22 21:31:18 | 000,000,879 | ---- | C] () -- C:\Users\Tara\Desktop\ERUNT.lnk
[2013/07/22 21:17:05 | 007,123,312 | ---- | C] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe
[2013/07/22 21:08:16 | 000,001,244 | ---- | C] () -- C:\Users\Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/07/22 21:08:16 | 000,001,220 | ---- | C] () -- C:\Users\Tara\Desktop\Spybot - Search & Destroy.lnk
[2013/07/18 21:03:25 | 003,007,700 | ---- | C] () -- C:\Users\Tara\Desktop\revouninstaller.zip
[2013/07/18 20:28:24 | 000,000,644 | ---- | C] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/07/18 20:28:24 | 000,000,616 | ---- | C] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/07/18 20:28:24 | 000,000,446 | ---- | C] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/07/18 20:28:18 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/07/18 20:28:18 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/18 18:46:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/07 18:19:56 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/05/20 17:40:41 | 000,001,940 | ---- | C] () -- C:\Users\Tara\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/01/10 18:05:22 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\EasyCapture
[2010/12/27 00:55:21 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\ooVoo Details
[2012/11/20 22:23:02 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\RPPrivate
[2013/01/02 12:58:34 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\SoftGrid Client
[2012/02/12 15:06:16 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\Tific
[2011/01/12 21:00:44 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\TP
[2011/07/05 18:43:38 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2009/07/14 03:07:10 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/04/29 13:11:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/04/29 13:09:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/04/29 13:09:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/04/29 13:11:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: EXPLORER.EXE.2480.DMP >
[2013/07/18 20:23:07 | 002,712,467 | ---- | M] () MD5=6302F654AB14E45FC27A3DDC1D12F1D9 -- C:\Users\Tara\AppData\Local\CrashDumps\explorer.exe.2480.dmp

< MD5 for: EXPLORER.EXE.2840.DMP >
[2013/07/28 23:04:18 | 002,956,731 | ---- | M] () MD5=71C3D1C5D672B87F180D4E41BD33D5FB -- C:\Users\Tara\AppData\Local\CrashDumps\explorer.exe.2840.dmp

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/14 03:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 03:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013/07/29 21:19:18 | 000,152,900 | ---- | M] () MD5=940DDA2437BF897B02EA7C328F68CB3C -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.EXE >
[2012/05/18 00:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_b12560b1c817cfde\iexplore.exe
[2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_b1148f09c82553c5\iexplore.exe
[2012/05/17 23:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_b19f2c1ee1420ce6\iexplore.exe
[2012/10/08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_b119907bc820d278\iexplore.exe
[2009/07/14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
[2013/02/22 05:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_b104f0edc83023b1\iexplore.exe
[2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_b12660fbc816e935\iexplore.exe
[2013/04/04 23:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_b0f72023c83af39d\iexplore.exe
[2013/02/22 05:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_b183bdcce155df6c\iexplore.exe
[2011/08/20 05:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=41FE5E37EFE0B587A688BA0E4FA41288 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_b360a432860774ff\iexplore.exe
[2010/11/04 06:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=58CF468D3FF4CF830339FE5E45356355 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_b3987f3a85deec23\iexplore.exe
[2012/08/24 08:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_b1a52ddae13ca4f0\iexplore.exe
[2011/04/22 20:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_b398812085dee94a\iexplore.exe
[2013/01/08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_b10dc045c829d512\iexplore.exe
[2010/11/04 06:54:59 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6B2258FF6D2332073FE9E90122FA4168 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_b402ac8b9f13f917\iexplore.exe
[2011/06/21 06:25:30 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6BB506124872ACDFAC5BD912CA1334CE -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_b3c2cf339f43b73b\iexplore.exe
[2011/11/05 05:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=8ED7C19AEFA3673AADB0D6864B03FBCE -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_b38fb3ae85e53510\iexplore.exe
[2012/01/02 22:27:32 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe
[2010/12/18 06:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_b3e23cc79f2c4cea\iexplore.exe
[2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_b1276145c816028c\iexplore.exe
[2013/02/02 05:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_b17dbc10e15b4762\iexplore.exe
[2011/06/21 06:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=A3AB0A260049BE22AB52E302D9220A92 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_b38113f685ef212c\iexplore.exe
[2011/11/05 05:39:45 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=A8A14CD0CB499B80412F75D53996AE29 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_b3d0781f9f391a91\iexplore.exe
[2010/12/18 06:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_b384dff685ed56b3\iexplore.exe
[2013/06/09 00:55:59 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/06/09 00:55:59 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\ERDNT\cache\iexplore.exe
[2013/06/09 00:55:59 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
[2011/02/24 06:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_b42a203b9ef553cc\iexplore.exe
[2012/11/16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=B201AF83DF2E85323E29EB83E4046810 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_b11b910fc81f0526\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2012/06/02 09:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_b1a12cb2e1403f94\iexplore.exe
[2013/04/04 22:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_b175ed02e160af58\iexplore.exe
[2012/11/16 04:08:47 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=C0BA71C1B3FB6E3DD432FF3CCAEBDC62 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_b1985d5ae1468e33\iexplore.exe
[2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
[2011/02/24 06:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_b35da16e860a2bd3\iexplore.exe
[2012/10/08 09:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_b1955c7ce149422e\iexplore.exe
[2013/02/02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_b0feef31c8358ba7\iexplore.exe
[2012/06/29 00:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_b1a22cfce13f58eb\iexplore.exe
[2013/01/08 22:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_b18b8cdae1507776\iexplore.exe
[2011/04/22 20:11:29 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=F94877A94996B3C12BB31AD722840457 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_b3ffe0d59f14dce7\iexplore.exe
[2011/08/20 05:32:44 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=FA623BE79902A7B49FF4F21117B63C83 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_b40487279f125c2e\iexplore.exe

< MD5 for: IEXPLORE.EXE.2164.DMP >
[2013/07/17 18:58:21 | 003,714,784 | ---- | M] () MD5=D775139CBC5EA1D906B6AE4D0828DBD3 -- C:\Users\Tara\AppData\Local\CrashDumps\iexplore.exe.2164.dmp

< MD5 for: IEXPLORE.EXE.228.DMP >
[2013/07/18 18:21:18 | 003,616,622 | ---- | M] () MD5=2763EB55DC8B0A5E83DAD1A4CA10BE9A -- C:\Users\Tara\AppData\Local\CrashDumps\iexplore.exe.228.dmp

< MD5 for: IEXPLORE.EXE.2304.DMP >
[2013/07/18 18:09:13 | 003,633,719 | ---- | M] () MD5=E693965DEBD611B5757CB786F7AB8733 -- C:\Users\Tara\AppData\Local\CrashDumps\iexplore.exe.2304.dmp

< MD5 for: IEXPLORE.EXE.2440.DMP >
[2013/07/18 18:21:02 | 003,645,819 | ---- | M] () MD5=3BEC41B667B140B0F94A7ED7514646C1 -- C:\Users\Tara\AppData\Local\CrashDumps\iexplore.exe.2440.dmp

< MD5 for: IEXPLORE.EXE.2488.DMP >
[2013/07/17 18:58:08 | 003,609,865 | ---- | M] () MD5=4228B7348CF6322A523F536398347053 -- C:\Users\Tara\AppData\Local\CrashDumps\iexplore.exe.2488.dmp

< MD5 for: IEXPLORE.EXE.2852.DMP >
[2013/07/18 18:09:21 | 003,609,082 | ---- | M] () MD5=77A94034CBA4C7FF3BA7209F9E77B81F -- C:\Users\Tara\AppData\Local\CrashDumps\iexplore.exe.2852.dmp

< MD5 for: IEXPLORE.EXE.2972.DMP >
[2013/07/17 18:58:05 | 003,632,711 | ---- | M] () MD5=CE0EDEEFB5097AE0606F60DB453C82AD -- C:\Users\Tara\AppData\Local\CrashDumps\iexplore.exe.2972.dmp

< MD5 for: IEXPLORE.EXE.544.DMP >
[2013/07/18 18:21:21 | 003,608,149 | ---- | M] () MD5=CB48AA745810B14558668C97666BF690 -- C:\Users\Tara\AppData\Local\CrashDumps\iexplore.exe.544.dmp

< MD5 for: IEXPLORE.EXE.MUI >
[2012/01/02 22:27:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_aae2948effb95a30\iexplore.exe.mui
[2013/06/09 00:56:00 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/06/09 00:56:00 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
[2009/07/14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_acf38f2bbdc896a9\iexplore.exe.mui
[2009/07/14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_af24a2f3bab71a43\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2013/07/22 21:45:15 | 000,125,788 | ---- | M] () MD5=F738E6B5F2787FC4D680A8A510091981 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

< MD5 for: SERVICES >
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2011/01/30 16:45:12 | 000,033,726 | ---- | M] () MD5=98813D442AB6F9865FF408E9459D2D78 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/11/10 12:49:34 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 03:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 03:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBS >
[2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: WINLOGON.ADML >
[2009/07/14 03:05:00 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 22:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/04/29 13:11:33 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/04/29 13:11:33 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 13:12:53 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2010/11/20 13:12:53 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
[2009/07/14 03:05:28 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DB61D28A59DEE68F77811B291D83AD1B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cacee7ae656a07ab\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2009/07/14 03:09:40 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
[2009/07/14 03:09:40 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009/07/13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2013/07/25 22:58:21 | 000,008,642 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/07/25 23:02:07 | 000,001,514 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2013/07/25 23:04:17 | 000,001,153 | ---- | M] () -- C:\AdwCleaner[R3].txt
[2013/07/25 23:18:41 | 000,000,940 | ---- | M] () -- C:\AdwCleaner[R4].txt
[2013/07/25 23:28:55 | 000,000,999 | ---- | M] () -- C:\AdwCleaner[R5].txt
[2013/07/26 00:04:23 | 000,001,058 | ---- | M] () -- C:\AdwCleaner[R6].txt
[2013/07/28 13:25:04 | 000,001,119 | ---- | M] () -- C:\AdwCleaner[R7].txt
[2013/07/25 22:59:29 | 000,008,736 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/07/25 23:02:45 | 000,001,462 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2013/07/24 23:57:53 | 000,000,089 | ---- | M] () -- C:\AtmApInit.txt
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2013/07/24 23:31:38 | 000,020,999 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/07/29 21:12:14 | 010,765,006 | ---- | M] () -- C:\FaceProv.log
[2013/07/29 21:11:43 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/07/29 21:11:43 | 3179,913,216 | -HS- | M] () -- C:\pagefile.sys
[2013/07/11 03:37:30 | 000,000,000 | ---- | M] () -- C:\Recovery.txt
[2012/03/15 16:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
[2013/07/29 21:12:03 | 000,023,165 | ---- | M] () -- C:\sysiclog.txt
[2013/07/29 21:12:01 | 000,000,066 | -HS- | M] () -- C:\_PartitionInfo

< %systemroot%\Fonts\*.com >
[2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

eddiemac1
2013-07-29, 22:46
OTL scan continued from last post


< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 13:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is CC8C-440D
Directory of C:\
14/07/2009 05:53 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 05:53 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 05:53 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 05:53 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 05:53 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 05:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 05:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 05:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 05:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 05:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 05:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 05:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 05:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 05:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 05:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 05:53 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 05:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 05:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 05:53 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 05:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 05:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Tara
27/12/2010 00:54 <JUNCTION> Application Data [C:\Users\Tara\AppData\Roaming]
27/12/2010 00:54 <JUNCTION> Cookies [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Cookies]
27/12/2010 00:54 <JUNCTION> Local Settings [C:\Users\Tara\AppData\Local]
27/12/2010 00:54 <JUNCTION> My Documents [C:\Users\Tara\Documents]
27/12/2010 00:54 <JUNCTION> NetHood [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/12/2010 00:54 <JUNCTION> PrintHood [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/12/2010 00:54 <JUNCTION> Recent [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Recent]
27/12/2010 00:54 <JUNCTION> SendTo [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\SendTo]
27/12/2010 00:54 <JUNCTION> Start Menu [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu]
27/12/2010 00:54 <JUNCTION> Templates [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Tara\AppData\Local
27/12/2010 00:54 <JUNCTION> Application Data [C:\Users\Tara\AppData\Local]
27/12/2010 00:54 <JUNCTION> History [C:\Users\Tara\AppData\Local\Microsoft\Windows\History]
27/12/2010 00:54 <JUNCTION> Temporary Internet Files [C:\Users\Tara\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Tara\Documents
27/12/2010 00:54 <JUNCTION> My Music [C:\Users\Tara\Music]
27/12/2010 00:54 <JUNCTION> My Pictures [C:\Users\Tara\Pictures]
27/12/2010 00:54 <JUNCTION> My Videos [C:\Users\Tara\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 219,738,689,536 bytes free

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/02 23:07:12 | 000,000,221 | -HS- | M] () -- C:\Users\Tara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/07/25 22:51:00 | 000,666,633 | ---- | M] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
[2013/07/18 21:01:28 | 021,691,552 | ---- | M] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
[2013/07/18 18:36:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/29 21:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
[2013/07/29 21:04:08 | 000,891,098 | ---- | M] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
[2013/07/18 20:32:34 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
[2013/07/22 21:13:54 | 007,123,312 | ---- | M] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-06-09 16:52:53

========== Base Services ==========
SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 13:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 13:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 17:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 11:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 13:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 13:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 13:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 05:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 13:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 13:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 13:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 13:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 13:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 13:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 13:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: HITACHI HTS545032B9A300
Partitions: 4
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Integral Crypto USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 200.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 253.00GB
Starting Offset: 210763776
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 30.00GB
Starting Offset: 271752626176
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 304230170624
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Win95 w/Extended Int 13
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 16384
Hidden sectors: 0


< End of report >

eddiemac1
2013-07-29, 22:47
extras.txt log

OTL Extras logfile created on: 7/29/2013 9:22:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tara\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.96% Memory free
5.92 Gb Paging File | 5.13 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.89 Gb Total Space | 204.63 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 28.54 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
Drive F: | 26.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.75 Gb Total Space | 1.75 Gb Free Space | 99.91% Space Free | Partition Type: FAT

Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = TorchHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{05BF92BE-B090-4129-A23B-AC233595DFC6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1904033B-0F56-4678-B434-B7B426542E9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BF24B59-ACBE-48E2-BF9E-7B4B6620E0D9}" = rport=138 | protocol=17 | dir=out | app=system |
"{24CCEE87-0841-4048-B92B-C51BF0BA5AF6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{29C76CF2-1A1F-4F6C-BABC-32704D6CDD2E}" = lport=138 | protocol=17 | dir=in | app=system |
"{2DBF932A-0505-4DFD-82FD-1515A79063A9}" = lport=137 | protocol=17 | dir=in | app=system |
"{2ED1C350-49AE-4C87-885B-6EF8717F7503}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{323B8B58-29FC-43FE-B2F4-93BB84724B7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4FFDE7A8-68CA-48AD-BAA0-2F1DE807E364}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{54874D6D-8C2E-4E5B-85FD-EDD7CE63841A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55A6343D-B142-454B-A85E-6289E6F0023D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6BC230F8-4BB8-476D-9E41-73402A98FE53}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C3ADC9D-0774-460A-A051-2ECAE938C078}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CBFF289-92E7-4454-8F1C-F9A2FC377C3B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7866450D-EA65-4490-A4CB-460CB64F86AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{7953C553-87BC-4F69-AD5D-A16DAEB60EBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7A7CF5CE-22C5-41F0-8C4C-41E5268ACE35}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C1C898C-6250-4D0C-9FC9-07D90D918434}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{997DB135-531E-4478-BDC7-34371DC3E1E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8B778AA-8855-4A6A-8530-D1EE931E099E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AF33FB97-32ED-43B5-AF26-D9FFF924D296}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B368AED0-A9FC-4593-B0C1-3BCAD5FD1D35}" = lport=139 | protocol=6 | dir=in | app=system |
"{B4B7B7A0-4EAF-4FF2-97FF-1CFA7A0E55DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7C5C218-05AC-4FEA-A673-0449B4C25ECC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E59EDE5D-C08D-463A-85D3-DCBBC64D4250}" = rport=139 | protocol=6 | dir=out | app=system |
"{E5F81F0D-60F9-4F74-8C2E-327995EFFD06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBC7E859-EB94-450B-9F82-A22D2F8A7D5B}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{063820FF-3FBC-4D87-A946-0000865009AB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{09B482F2-93E5-4E82-964F-B70894FA2FB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AC6D78C-59E0-4B4C-A807-ABD8D2571BB1}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{123833B5-1A5C-42C5-982F-A46F3CD39049}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1AF449A0-1DCC-42E1-9C7C-E5E727D98FC6}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{1B75D686-2236-4E61-9E8E-77ACB48F8946}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{20B095D4-CC34-451A-B6A7-55B2F6CF2A48}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{2358387D-672A-4EE6-95DB-F84D2C7D32C0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{25B53CE2-3A68-4D76-BFD8-730E02C8FA7F}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{27A959B6-9934-4752-A21B-EB9C35E706C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{280C8EBB-458F-44C1-AA4C-B149D9AC54D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29F2E938-AEA8-40BE-AE67-A4EC1B00306C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C2B2CCE-715F-4C20-82A9-B9BA29F43C72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31423DF5-7A0E-4700-81CC-9B048F9CA517}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{356EFCB6-7909-43C6-B1A4-9E4563E39351}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{3E57A8D7-31CD-41DB-B81E-EDAE448E0806}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{41E66251-F263-4E33-A842-CDDF3993FE58}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{45236453-86F2-4179-814D-7C9F76D8CFF6}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{49910D38-19D9-49B0-8895-B49DF6D22E39}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{5446EE6D-2BB6-4026-B006-964E65DDA541}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5D9ED399-EAAF-441F-9A49-9B557585B63E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{706568C0-1881-4757-9F54-7A7918772512}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7376006D-21D0-4752-9150-631072037062}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{7B45A94A-6AF2-48A0-B600-DB8EB3E6DCBA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{83D01613-1E1F-4C09-A7A5-7B398158EE13}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{85EB7117-BC9C-42FD-860C-DB483FF39A02}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E0D13C8-B746-49EC-9503-DF451BA4348A}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{98ADD3DF-7C0C-41D4-99DE-D756DD2745F6}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{9CB6ABD3-4CBF-444D-9031-C083F1F0CD22}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{9D3F5B80-9859-4F91-923C-1826E55F1FEE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9DF55F81-6EE6-4DFA-AB86-5BF5EC2DA9F6}" = protocol=6 | dir=out | app=system |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9CED86F-B93B-4181-AA7D-F872EC33578A}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B616DBC8-1A4C-42CC-B37A-8C89425B3AF5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B9352610-EFB7-403F-891A-F88F77808468}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{BBB970B0-89F7-4666-9965-80E06BB4A829}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BCBF0B69-F8C0-4806-88B3-73EC1708E33E}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C2B20523-826D-48B2-82EC-7984BEB08729}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{C3624ED5-81B7-4226-A1F5-76AE609343E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB2CCAA5-3700-41C9-B643-700962D8948A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD194420-E34D-4D9F-BE81-0C3A47F82C05}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D59A5E9F-5D7B-4572-8736-0C45DD32E540}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{DAE21A0E-6E69-4930-BC93-237992E237D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE32C5DF-B64F-468C-9C47-F89194973A95}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E1BE3E49-D1A9-4D88-B618-8D17B0D5ADA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2F95DE3-3E75-4BED-A994-429BDCCB363F}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E908E74B-07F1-4D83-B14C-E660967C790A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ECFF47FA-F008-4A7F-BBAB-3ED8E121A544}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F70D8EBF-119F-47A9-A34F-AD222A79A420}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAC48EB5-9F3E-41FB-8FBE-A639776870E0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FF4A968F-75DA-4946-A2E0-459009116176}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{51EBA410-FED3-4A50-BD17-3673403827C3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8F4C4641-08CE-40B9-97F0-C0E4AFC1DE83}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{5EAE9074-40FC-4564-A6A0-286397B54EDB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BAEE6023-B22C-4289-A54B-CCBA69C8FBD8}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FAE224AF-B15E-448B-88FA-1839A7570CF8}" = Intel® PROSet/Wireless WiMAX Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EasyCapture4.0" = EasyCapture
"ERUNT_is1" = ERUNT 1.1j
"exent_532150" = Heroes of Hellas
"exent_554750" = Cradle of Rome
"exent_586350" = 7 Wonders II
"exent_676150" = Heartwild Solitaire - Book Two
"exent_683150" = Time Riddles: The Mansion
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mediaplayer Lite_is1" = Mediaplayer Lite v1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"ProInst" = Intel PROSet Wireless
"RealPlayer 15.0" = RealPlayer
"TVWiz" = Intel(R) TV Wizard
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2012 3:10:18 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/19/2012 3:10:19 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/19/2012 3:10:19 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/19/2012 3:10:19 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/19/2012 3:10:20 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/19/2012 3:10:20 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/19/2012 3:10:20 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/19/2012 3:10:22 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/19/2012 3:10:22 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/19/2012 3:10:22 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
Description =

[ System Events ]
Error - 7/29/2013 4:14:06 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1062

Error - 7/29/2013 4:14:06 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1062

Error - 7/29/2013 4:14:06 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.

Error - 7/29/2013 4:17:07 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0

Error - 7/29/2013 4:17:07 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1062

Error - 7/29/2013 4:17:07 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.

Error - 7/29/2013 4:19:18 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0

Error - 7/29/2013 4:19:18 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.

Error - 7/29/2013 4:19:43 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0

Error - 7/29/2013 4:19:43 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.


< End of report >

OCD
2013-07-30, 02:20
Hi eddiemac1,


Your log indicates you have run ComboFix recently. Locate the log and post it in your next reply. It should be located here: C:\ComboFix.txt (2013/07/24)
Locate this AdwCleaner log also and post it in your next reply: C:\AdwCleaner[S1].txt

=========================

1. Run OTL.exe

Windows Vista and Windows 7 users: right-click and select "Run as Administrator".

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:



:OTL
IE - HKCU\..\SearchScopes\{64A2FB6F-B770-4489-9CE6-8E41D23235A1}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
IE - HKCU\..\SearchScopes\{6AFFE39C-A4C3-4A28-AB80-59936B7E808A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A5B3D723-866E-47EE-9AA5-2A2C0847DEDB&apn_sauid=15809601-762E-45F4-BB2F-F3B4724A352C&
IE - HKCU\..\SearchScopes\{9F17F80A-966A-43F4-A6DC-68DA31A5E547}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found

:Files
C:\Program Files\Free Ride Games

:Services
X6XSEx_Pr143

:Reg

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered; reboot when it is done.
Then re-run OTL and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

=========================

In your next post please provide the following:


ComboFix.txt from previous run
AdwCleaner[S1].txt from previous run
OTL.txt fix log
Fresh OTL.txt log
How is the computer running, what issues or symptoms are you experiencing?

eddiemac1
2013-07-30, 21:32
Thanks for this.

The combo log is:

ComboFix 13-07-24.03 - Tara 30/07/2013 18:42:27.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3033.2209 [GMT 1:00]
Running from: c:\users\Tara\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-30 )))))))))))))))))))))))))))))))
.
.
2013-07-30 17:43 . 2013-07-30 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-30 17:31 . 2013-07-30 17:31 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4363A749-D3A3-48AC-BF2C-117B708251CA}\offreg.dll
2013-07-25 23:00 . 2013-07-25 23:00 -------- d-----w- C:\SWTOOLS
2013-07-25 23:00 . 2008-07-16 15:05 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-25 22:30 . 2009-07-07 16:45 2506232 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2013-07-25 22:30 . 2013-07-25 22:30 -------- d-----w- c:\program files\Broadcom Wireless
2013-07-25 22:30 . 2013-07-25 22:30 -------- d-----w- c:\users\Tara\AppData\Roaming\InstallShield
2013-07-24 22:58 . 2008-08-28 17:39 48192 ----a-w- c:\windows\system32\drivers\tvtumon.sys
2013-07-24 22:57 . 2009-05-19 12:43 21520 ----a-w- c:\windows\system32\drivers\AcpiVpc.sys
2013-07-24 22:05 . 2013-07-24 22:15 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-24 21:20 . 2013-07-24 21:20 388096 ----a-r- c:\users\Tara\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-24 21:20 . 2013-07-24 21:20 -------- d-----w- c:\program files\Trend Micro
2013-07-22 20:31 . 2013-07-22 20:31 -------- d-----w- c:\program files\ERUNT
2013-07-22 20:08 . 2013-07-22 20:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-07-18 19:28 . 2013-07-24 21:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-07-18 19:28 . 2009-01-25 12:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-07-18 19:28 . 2013-07-18 19:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-07-18 17:46 . 2013-07-18 17:46 -------- d-----w- c:\users\Tara\AppData\Roaming\Malwarebytes
2013-07-18 17:46 . 2013-07-18 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-18 17:46 . 2013-07-18 17:46 -------- d-----w- c:\programdata\Malwarebytes
2013-07-18 17:46 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-18 17:46 . 2013-07-18 17:46 -------- d-----w- c:\users\Tara\AppData\Local\Programs
2013-07-16 16:02 . 2010-03-25 16:32 445496 ------w- c:\windows\system32\SASrv.exe
2013-07-16 15:23 . 2013-07-16 15:23 -------- d-----w- c:\windows\system32\x64
2013-07-16 15:21 . 2013-07-16 15:21 -------- d-----w- C:\Intel
2013-07-16 15:21 . 2013-07-16 15:21 -------- d-----w- c:\windows\Downloaded Installations
2013-07-16 15:20 . 2013-07-25 23:00 -------- d-----w- C:\Drivers
2013-07-10 18:02 . 2013-07-10 18:02 -------- d-----w- C:\inetpub
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 23:56 . 2013-06-08 23:56 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-08 23:56 . 2013-06-08 23:56 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-06-08 23:55 . 2013-06-08 23:55 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-08 23:55 . 2013-06-08 23:55 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-08 23:55 . 2013-06-08 23:55 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-08 23:55 . 2013-06-08 23:55 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-06-08 23:55 . 2013-06-08 23:55 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-08 23:55 . 2013-06-08 23:55 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-06-08 23:55 . 2013-06-08 23:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-08 23:55 . 2013-06-08 23:55 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-06-08 23:55 . 2013-06-08 23:55 361984 ----a-w- c:\windows\system32\html.iec
2013-06-08 23:55 . 2013-06-08 23:55 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-08 23:55 . 2013-06-08 23:55 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-08 23:55 . 2013-06-08 23:55 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-08 23:55 . 2013-06-08 23:55 1767424 ----a-w- c:\windows\system32\wininet.dll
2013-06-08 23:55 . 2013-06-08 23:55 158720 ----a-w- c:\windows\system32\msls31.dll
2013-06-08 23:55 . 2013-06-08 23:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-06-08 23:55 . 2013-06-08 23:55 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-08 23:55 . 2013-06-08 23:55 138752 ----a-w- c:\windows\system32\wextract.exe
2013-06-08 23:55 . 2013-06-08 23:55 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-08 23:55 . 2013-06-08 23:55 12800 ----a-w- c:\windows\system32\mshta.exe
2013-06-08 23:55 . 2013-06-08 23:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-08 23:55 . 2013-06-08 23:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-08 23:53 . 2013-06-08 23:53 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-08 23:53 . 2013-06-08 23:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-08 23:53 . 2013-06-08 23:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-08 23:53 . 2013-06-08 23:53 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-08 23:53 . 2013-06-08 23:53 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-08 23:53 . 2013-06-08 23:53 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-08 23:53 . 2013-06-08 23:53 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-08 23:53 . 2013-06-08 23:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-08 23:53 . 2013-06-08 23:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-08 23:53 . 2013-06-08 23:53 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-08 23:53 . 2013-06-08 23:53 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-08 23:53 . 2013-06-08 23:53 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-08 23:53 . 2013-06-08 23:53 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-08 23:53 . 2013-06-08 23:53 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-06-08 23:53 . 2013-06-08 23:53 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-08 23:53 . 2013-06-08 23:53 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-06-08 23:53 . 2013-06-08 23:53 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-06-08 23:53 . 2013-06-08 23:53 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-08 23:53 . 2013-06-08 23:53 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-08 23:53 . 2013-06-08 23:53 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-08 23:53 . 2013-06-08 23:53 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-08 23:53 . 2013-06-08 23:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-08 23:53 . 2013-06-08 23:53 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-08 23:53 . 2013-06-08 23:53 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-06-08 23:53 . 2013-06-08 23:53 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-06-08 23:53 . 2013-06-08 23:53 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-08 23:53 . 2013-06-08 23:53 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-05-14 18:58 . 2012-06-27 09:38 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 06:19 . 2013-06-09 16:52 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4363A749-D3A3-48AC-BF2C-117B708251CA}\mpengine.dll
2013-05-02 01:06 . 2011-12-31 18:41 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-08-24 06:52 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"332BigDog"="c:\program files\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-12-05 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 151064]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-31 4114336]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-07-30 1425408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
2010-08-24 06:52 3122440 ----a-w- c:\program files\Lenovo\VeriFace\PManage.exe
.
R2 IGRS;IGRS; [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
R2 X6XSEx_Pr143;X6XSEx_Pr143;c:\program files\Free Ride Games\X6XSEx_Pr143.Sys [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service; [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S1 funfrm;funfrm; [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-07-30 348160]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2010-03-25 445496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-09-27 430080]
S2 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-08-28 48192]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-07-30 815104]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2009-07-30 56320]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-04-20 198000]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-07-18 09:58]
.
2013-07-18 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-07-18 09:57]
.
2013-07-18 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-07-18 09:58]
.
2013-06-28 c:\windows\Tasks\User_Feed_Synchronization-{D7C28E2A-5629-4098-933B-4379AF44A1A7}.job
- c:\windows\system32\msfeedssync.exe [2013-06-08 23:55]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
HKU-Default-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
"Progid"="SafariHTML"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1816)
c:\windows\system32\IcnOvrly.dll
.
Completion time: 2013-07-30 18:44:27
ComboFix-quarantined-files.txt 2013-07-30 17:44
ComboFix2.txt 2013-07-24 22:31
ComboFix3.txt 2013-07-24 21:41
.
Pre-Run: 219,794,755,584 bytes free
Post-Run: 219,774,451,712 bytes free
.
- - End Of File - - 3CC2B805C4EC7321829D904851BC0B64
A36C5E4F47E84449FF07ED3517B43A31

eddiemac1
2013-07-30, 21:32
The adware log is:

# AdwCleaner v2.306 - Logfile created 07/25/2013 at 22:58:09
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Tara - TARA-PC
# Boot Mode : Normal
# Running from : C:\Users\Tara\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : IB Updater

***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Free Ride Games
Folder Found : C:\Program Files\IB Updater
Folder Found : C:\Program Files\Perion
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Free Ride Games
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found : C:\Users\Tara\AppData\Local\Ilivid Player
Folder Found : C:\Users\Tara\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Tara\AppData\LocalLow\Codecv
Folder Found : C:\Users\Tara\AppData\LocalLow\Conduit
Folder Found : C:\Users\Tara\AppData\LocalLow\ilividtoolbarguid
Folder Found : C:\Users\Tara\AppData\LocalLow\incredibar.com
Folder Found : C:\Users\Tara\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Tara\AppData\LocalLow\ShoppingReport2
Folder Found : C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Found : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\WNLT
Key Found : HKLM\Software\APN
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\DealScout.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Funmoods
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.31] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1348353322554078&q={searchTerms}",
Found [l.1874] : homepage = "hxxp://www.searchnu.com/406",
Found [l.2139] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

*************************

AdwCleaner[R1].txt - [8513 octets] - [25/07/2013 22:58:09]

########## EOF - C:\AdwCleaner[R1].txt - [8573 octets] ##########

eddiemac1
2013-07-30, 21:55
The OTL fix log is:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64A2FB6F-B770-4489-9CE6-8E41D23235A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64A2FB6F-B770-4489-9CE6-8E41D23235A1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6AFFE39C-A4C3-4A28-AB80-59936B7E808A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AFFE39C-A4C3-4A28-AB80-59936B7E808A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F17F80A-966A-43F4-A6DC-68DA31A5E547}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F17F80A-966A-43F4-A6DC-68DA31A5E547}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\www.exent.com/GameTreatWidget\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found.
File rity] not found.
File ptytemp] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 07302013_204205

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


And the OTL log is:

OTL logfile created on: 7/30/2013 8:44:43 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tara\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 77.12% Memory free
5.92 Gb Paging File | 5.24 Gb Available in Paging File | 88.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.89 Gb Total Space | 204.74 Gb Free Space | 80.96% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 28.54 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
Drive F: | 26.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/29 21:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/12/05 21:25:04 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/05 14:53:12 | 000,736,312 | ---- | M] (Conexant Systems, Inc) -- C:\Program Files\CONEXANT\SAII\SmartAudio.exe
PRC - [2010/03/25 17:32:02 | 000,445,496 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\SASrv.exe
PRC - [2010/01/19 11:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera2\VM332_STI.EXE
PRC - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009/07/31 16:45:56 | 004,114,336 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/07/30 09:45:36 | 001,425,408 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
PRC - [2009/07/30 09:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
PRC - [2009/07/30 09:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
PRC - [2009/06/25 09:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/16 17:03:22 | 001,374,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\b553402413fa7b799cf8f2351618916b\SmartAudio.ni.exe
MOD - [2013/07/16 17:03:22 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\ab7c0d1230766b1ecad8b66fce8a5df5\Interop.CxHDAudioAPILib.ni.dll
MOD - [2013/05/16 21:36:57 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/16 21:33:40 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 21:33:16 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/16 21:32:42 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/16 21:32:30 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/02/17 16:19:40 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013/02/17 16:17:15 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/22 21:03:33 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/22 20:46:23 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/22 20:45:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/18 01:47:07 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/18 01:45:43 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/18 01:45:32 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/18 01:44:47 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010/11/05 02:57:39 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/08/24 07:52:17 | 001,410,312 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2010/08/24 07:52:16 | 000,513,288 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WatAdminSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [Auto | Stopped] -- -- (IGRS)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/25 17:32:02 | 000,445,496 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\SASrv.exe -- (SAService)
SRV - [2009/09/22 19:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/08/14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/30 09:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2009/07/30 09:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2009/07/16 04:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 15:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Unavailable | Unknown] -- C:\Program Files\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys -- (X6XSEx_Pr143)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys -- (EraserUtilDrv11120)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tara\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/24 07:51:42 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2010/04/22 05:08:22 | 000,218,744 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/20 18:45:28 | 000,198,000 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm332avs.sys -- (vm332avs)
DRV - [2010/03/31 07:49:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/30 10:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 09:06:10 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum)
DRV - [2009/07/28 22:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 13:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/07/10 05:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/05/19 13:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/08/28 18:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/08/06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/12 15:02:29 | 000,000,000 | ---D | M]

[2011/01/01 23:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Extensions
[2012/04/18 22:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/07/24 22:37:24 | 000,000,027 | ---- | M]) - C:\windows\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747F5790-83FD-492F-AFCB-80B6D0FD4166}: DhcpNameServer = 109.249.185.224 109.249.188.32
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/08/03 10:23:42 | 000,000,069 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/30 20:42:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/30 18:44:29 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/30 18:44:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/30 18:40:13 | 005,094,311 | R--- | C] (Swearware) -- C:\Users\Tara\Desktop\ComboFix.exe
[2013/07/29 21:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
[2013/07/26 00:00:47 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[2013/07/26 00:00:21 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\System32\CSVer.dll
[2013/07/25 23:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013/07/25 23:35:47 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\New folder
[2013/07/25 23:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom Wireless
[2013/07/25 23:30:02 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\InstallShield
[2013/07/24 23:58:31 | 000,048,192 | ---- | C] (Lenovo) -- C:\windows\System32\drivers\tvtumon.sys
[2013/07/24 23:57:48 | 000,021,520 | ---- | C] (Lenovo Corporation) -- C:\windows\System32\drivers\AcpiVpc.sys
[2013/07/24 23:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/24 23:04:27 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\mbar-1.06.0.1004
[2013/07/24 22:27:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/24 22:27:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/24 22:27:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/24 22:25:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/24 22:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/07/24 22:20:33 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/22 21:31:44 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/07/22 21:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/07/22 21:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/07/22 21:30:18 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\post stuff
[2013/07/22 21:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/07/22 21:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/07/18 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\revouninstaller
[2013/07/18 21:03:26 | 021,691,552 | ---- | C] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
[2013/07/18 21:03:26 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
[2013/07/18 20:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/07/18 20:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/18 20:28:15 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
[2013/07/18 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/07/18 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Malwarebytes
[2013/07/18 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/18 18:46:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/07/18 18:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/18 18:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/18 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\Programs
[2013/07/18 18:46:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/16 17:02:59 | 000,445,496 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\SASrv.exe
[2013/07/16 16:44:12 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/07/16 16:23:34 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
[2013/07/16 16:21:24 | 000,000,000 | ---D | C] -- C:\Intel
[2013/07/16 16:21:03 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2013/07/16 16:20:16 | 000,000,000 | ---D | C] -- C:\Drivers
[2013/07/10 19:02:11 | 000,000,000 | ---D | C] -- C:\inetpub
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/30 20:42:58 | 000,000,066 | -HS- | M] () -- C:\_PartitionInfo
[2013/07/30 20:42:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/30 20:42:43 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/30 20:23:21 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 20:23:21 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 20:19:38 | 000,629,318 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/30 20:19:38 | 000,111,212 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/30 20:14:29 | 000,675,958 | ---- | M] () -- C:\windows\System32\oem7.inf
[2013/07/29 21:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
[2013/07/29 21:04:08 | 000,891,098 | ---- | M] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
[2013/07/28 22:59:47 | 000,000,378 | ---- | M] () -- C:\Users\Tara\Documents\Removable Disk (G) - Shortcut.lnk
[2013/07/27 22:57:16 | 000,000,512 | ---- | M] () -- C:\Users\Tara\Desktop\MBR.dat
[2013/07/25 23:39:31 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_bpenum_01007.Wdf
[2013/07/25 23:13:32 | 000,001,219 | ---- | M] () -- C:\Users\Tara\AppData\Local\Local - Shortcut.lnk
[2013/07/25 22:51:00 | 000,666,633 | ---- | M] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
[2013/07/24 22:54:04 | 013,399,154 | ---- | M] () -- C:\Users\Tara\Desktop\mbar-1.06.0.1004.zip
[2013/07/24 22:37:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/07/24 22:20:33 | 000,002,959 | ---- | M] () -- C:\Users\Tara\Desktop\HiJackThis.lnk
[2013/07/24 22:12:06 | 005,094,311 | R--- | M] (Swearware) -- C:\Users\Tara\Desktop\ComboFix.exe
[2013/07/24 22:11:18 | 001,402,880 | ---- | M] () -- C:\Users\Tara\Desktop\HiJackThis.msi
[2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/22 21:31:18 | 000,000,898 | ---- | M] () -- C:\Users\Tara\Desktop\NTREGOPT.lnk
[2013/07/22 21:31:18 | 000,000,879 | ---- | M] () -- C:\Users\Tara\Desktop\ERUNT.lnk
[2013/07/22 21:13:54 | 007,123,312 | ---- | M] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe
[2013/07/22 21:08:16 | 000,001,244 | ---- | M] () -- C:\Users\Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/07/22 21:08:16 | 000,001,220 | ---- | M] () -- C:\Users\Tara\Desktop\Spybot - Search & Destroy.lnk
[2013/07/18 21:01:28 | 021,691,552 | ---- | M] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
[2013/07/18 20:53:52 | 000,014,896 | ---- | M] () -- C:\windows\System32\results.xml
[2013/07/18 20:42:12 | 003,007,700 | ---- | M] () -- C:\Users\Tara\Desktop\revouninstaller.zip
[2013/07/18 20:32:34 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
[2013/07/18 20:28:24 | 000,000,644 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/07/18 20:28:24 | 000,000,616 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/07/18 20:28:24 | 000,000,446 | ---- | M] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/07/18 20:28:18 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/18 18:46:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/18 18:36:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/16 15:40:03 | 000,000,557 | ---- | M] () -- C:\windows\System32\MyDefrag.debuglog
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/29 21:14:36 | 000,891,098 | ---- | C] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
[2013/07/28 22:59:47 | 000,000,378 | ---- | C] () -- C:\Users\Tara\Documents\Removable Disk (G) - Shortcut.lnk
[2013/07/27 22:57:16 | 000,000,512 | ---- | C] () -- C:\Users\Tara\Desktop\MBR.dat
[2013/07/25 23:39:31 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_bpenum_01007.Wdf
[2013/07/25 23:30:35 | 000,675,958 | ---- | C] () -- C:\windows\System32\oem7.inf
[2013/07/25 23:13:32 | 000,001,219 | ---- | C] () -- C:\Users\Tara\AppData\Local\Local - Shortcut.lnk
[2013/07/25 22:57:42 | 000,666,633 | ---- | C] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
[2013/07/24 23:59:23 | 000,000,066 | -HS- | C] () -- C:\_PartitionInfo
[2013/07/24 23:04:08 | 013,399,154 | ---- | C] () -- C:\Users\Tara\Desktop\mbar-1.06.0.1004.zip
[2013/07/24 22:27:03 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/24 22:27:03 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/24 22:27:03 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/24 22:27:03 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/24 22:27:03 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/24 22:20:33 | 000,002,959 | ---- | C] () -- C:\Users\Tara\Desktop\HiJackThis.lnk
[2013/07/24 22:19:54 | 001,402,880 | ---- | C] () -- C:\Users\Tara\Desktop\HiJackThis.msi
[2013/07/22 22:38:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/07/22 22:38:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/07/22 21:31:18 | 000,000,898 | ---- | C] () -- C:\Users\Tara\Desktop\NTREGOPT.lnk
[2013/07/22 21:31:18 | 000,000,879 | ---- | C] () -- C:\Users\Tara\Desktop\ERUNT.lnk
[2013/07/22 21:17:05 | 007,123,312 | ---- | C] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe
[2013/07/22 21:08:16 | 000,001,244 | ---- | C] () -- C:\Users\Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/07/22 21:08:16 | 000,001,220 | ---- | C] () -- C:\Users\Tara\Desktop\Spybot - Search & Destroy.lnk
[2013/07/18 21:03:25 | 003,007,700 | ---- | C] () -- C:\Users\Tara\Desktop\revouninstaller.zip
[2013/07/18 20:28:24 | 000,000,644 | ---- | C] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/07/18 20:28:24 | 000,000,616 | ---- | C] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/07/18 20:28:24 | 000,000,446 | ---- | C] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/07/18 20:28:18 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/07/18 20:28:18 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/18 18:46:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/07 18:19:56 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/05/20 17:40:41 | 000,001,940 | ---- | C] () -- C:\Users\Tara\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

eddiemac1
2013-07-30, 22:00
the ongoing continuing issue

is that the pc is showing issues in the device manager

the chipset driver and Network drivers are showing yellow warning triangles and the pc wont let me repair or update the drivers

i have downloaded them on another pc and transferred them over to the faulty pc as it does not have an internet connection

when i run them they either wont run at all (the chipset driver) or it runs and tells me the driver is older than the current one installed (the Wireless lan driver)

before i carried out any repairs or scans the internet connection came up as having limited access and i could view all the available connections but not create a new one

after the last set of repairs i am now not seeing any available connections and i am still unable to install either the wireless drivers or the ethernet drivers

OCD
2013-07-31, 06:36
Hi eddiemac1,

Please remove any flash / usb drives during the process

=========================

1. Reset TCP/IP stack to installation defaults

You must run the command prompt as an administrator or in an "elevated mode".

Start menu, in the search bar type "cmd"
Right-click the cmd icon, select "run as administrator"
If you have user account control (UAC) set up it may prompt you to accept that action.
Then type in "netsh int ip reset reset.log" then hit Enter

=========================

2. MiniToolBox

Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe), save it to your desktop and run it.
Right click and select "Run as Administrator".

Check-mark the following check-boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

=========================

3. Download DevDiag, and save it to your Desktop:

WTT Download Page (http://forums.whatthetech.com/DevDiag_exe_file25.html) (recommended)
Direct Download (http://jpshortstuff.247fixes.com/DevDiag.exe)

If you are using Vista or Windows 7, please right-click DevDiag.exe and select "Run As Administrator". Otherwise, simply double-click the program to run it.
At the options screen, please type 2 and hit Enter.
The tool will take a few moments to scan. When finished, a report should pop-up, also available on your Desktop (DevDiag.txt).
Please do not copy/paste the report into your next reply. Instead, Attach it by clicking Add Reply, and scrolling down to the Attachments section.

In your next post please provide the following:

Results.txt
DevDiag.txt

eddiemac1
2013-07-31, 19:15
MiniToolBox by Farbar Version: 13-07-2013
Ran by Tara (administrator) on 31-07-2013 at 18:07:12
Running from "C:\Users\Tara\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink (TM) Fast Ethernet = Local Area Connection 3 (Hardware not present)
Broadcom 802.11g Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-26-82-CD-1B-BD
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
1...........................Software Loopback Interface 1
11...00 26 82 cd 1b bd ......Broadcom 802.11g Network Adapter
21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/31/2013 06:02:51 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=928}
Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).

Error: (07/31/2013 06:02:43 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1acd0007-5279-4333-a1d0-4271db67928d}

Error: (07/31/2013 06:02:41 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (07/31/2013 06:00:17 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=938}
Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).

Error: (07/31/2013 06:00:09 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d22a77da-f468-4bdd-91b2-0b67257a5616}

Error: (07/31/2013 06:00:07 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (07/30/2013 08:55:45 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=8F4}
Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).

Error: (07/30/2013 08:55:37 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {afca3b0a-5428-4d35-bd81-e79352bb479d}

Error: (07/30/2013 08:55:32 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (07/30/2013 08:52:59 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


System errors:
=============
Error: (07/31/2013 06:05:13 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/31/2013 06:05:12 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/31/2013 06:05:12 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/31/2013 06:05:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/31/2013 06:04:56 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with service-specific error %%-1073741288.

Error: (07/31/2013 06:04:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1062

Error: (07/31/2013 06:04:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1062

Error: (07/31/2013 06:04:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%0

Error: (07/31/2013 06:04:56 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x8007042c

Error: (07/31/2013 06:04:55 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with service-specific error %%-1073741288.


Microsoft Office Sessions:
=========================
Error: (07/31/2013 06:02:51 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=928}
0x80070002

Error: (07/31/2013 06:02:43 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1acd0007-5279-4333-a1d0-4271db67928d}

Error: (07/31/2013 06:02:41 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (07/31/2013 06:00:17 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=938}
0x80070002

Error: (07/31/2013 06:00:09 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d22a77da-f468-4bdd-91b2-0b67257a5616}

Error: (07/31/2013 06:00:07 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (07/30/2013 08:55:45 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=8F4}
0x80070002

Error: (07/30/2013 08:55:37 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {afca3b0a-5428-4d35-bd81-e79352bb479d}

Error: (07/30/2013 08:55:32 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (07/30/2013 08:52:59 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


=========================== Installed Programs ============================

7 Wonders II
7-Zip 9.21 (Version: 9.21.00.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.0.1) (Version: 10.0.1)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.1.361.0)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
Conexant HD Audio (Version: 4.119.0.60)
Cradle of Rome
D3DX10 (Version: 15.4.2368.0902)
EasyCapture (Version: V4.0.09.1015)
Energy Management (Version: 4.3.1.2)
ERUNT 1.1j
Heartwild Solitaire - Book Two
Heroes of Hellas
HiJackThis (Version: 1.0.0)
iCloud (Version: 2.1.1.3)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1994)
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Intel® PROSet/Wireless WiMAX Software (Version: 1.04.0000)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.100)
Lenovo EasyCamera (Version: 6.96.2018.19)
Lenovo OneKey Recovery (Version: 7.0.0723)
Lenovo ReadyComm 5 (Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Lenovo System Repair - Windows Update Monitor (Version: 1.3.0.2127)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mediaplayer Lite v1.0 (Version: 1.0.0.0)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
Power2Go (Version: 5.6.0.4809d4)
QuickTime (Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
RealUpgrade 1.1 (Version: 1.1.0)
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy (Version: 2.1.20)
Time Riddles: The Mansion
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VeriFace (Version: 3.6.0.0921)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Xvid 1.2.1 final uninstall (Version: 1.2)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3032.6 MB
Available physical RAM: 2282.48 MB
Total Pagefile: 6063.49 MB
Available Pagefile: 5282.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.72 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:252.89 GB) (Free:204.72 GB) NTFS
2 Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:28.54 GB) NTFS

========================= Users: ========================================

User accounts for \\TARA-PC

Administrator Guest Tara

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
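
A triage pass over a MiniToolBox Result.txt like the one posted above, as an added example (not part of the thread and not the tool's own code): it flags hosts entries other than localhost and Winsock providers loaded from outside an allowlist of directories, and separately lists adapter states and failing services. The sample text is a constructed excerpt in the log's layout; the function names and the directory allowlist are assumptions.

```python
import ntpath
import re

# Constructed sample: a trimmed excerpt in the layout of the Result.txt above.
SAMPLE = r"""
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink (TM) Fast Ethernet = Local Area Connection 3 (Hardware not present)
Broadcom 802.11g Network Adapter = Wireless Network Connection (Media disconnected)

========================= Winsock entries =====================================

Catalog5 01 C:\windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

System errors:
=============
Error: (07/31/2013 06:04:56 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with service-specific error %%-1073741288.

Error: (07/31/2013 06:04:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1062

**** End of log ****
"""

# "===== Name: =====" banners; a line made only of "=" is not a banner.
SECTION_RE = re.compile(r"^={5,}\s*([^=]+?)\s*:?\s*={5,}\s*$")
ADAPTER_RE = re.compile(r"^(?P<device>.+?) = (?P<conn>.+?) \((?P<state>[^()]+)\)$")
WINSOCK_RE = re.compile(
    r"^(?P<catalog>Catalog\d+) (?P<index>\d+) (?P<path>.+?) \[(?P<size>\d+)\] \((?P<vendor>.*)\)$"
)
SERVICE_RE = re.compile(r"The (.+?) service (?:terminated|depends on)\b")

LOOPBACK = ("127.0.0.1", "::1")
# Assumption: directories accepted as provider locations on this machine.
# The vendor string in the log is not used for trust; it is copied from the file.
TRUSTED_PROVIDER_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\program files\\common files\\microsoft shared\\windows live\\",
)


def split_sections(text):
    """Map each lower-cased section name to its non-empty, stripped lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return review items (hosts, winsock) and connectivity facts (adapters, services)."""
    sec = split_sections(text)
    report = {"hosts": [], "winsock": [], "adapters": [], "services": []}

    for line in sec.get("hosts content", []):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if not fields:
            continue
        if fields[0] not in LOOPBACK or any(n.lower() != "localhost" for n in fields[1:]):
            report["hosts"].append(line)

    for line in sec.get("winsock entries", []):
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        # normpath collapses "..", so a path cannot pass by prefix alone.
        path = ntpath.normpath(m["path"]).lower()
        if not path.startswith(TRUSTED_PROVIDER_DIRS):
            report["winsock"].append((m["catalog"], m["path"], m["vendor"]))

    for line in sec.get("ip configuration", []):
        m = ADAPTER_RE.match(line)
        if m:
            report["adapters"].append((m["device"], m["state"]))

    failing = set()
    for line in sec.get("event log errors", []):
        if line.startswith("Description:"):
            m = SERVICE_RE.search(line)
            if m:
                failing.add(m.group(1))
    report["services"] = sorted(failing)
    return report


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(SAMPLE))
```

Empty `hosts` and `winsock` lists only mean those two persistence points look unmodified; the `adapters` and `services` entries are where a connectivity fault like the one in this thread shows up.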

OCD
2013-08-01, 07:03
Hi eddiemac1,

I'm not convinced that the issues you are experiencing are malware related. Although the problems you are experiencing might have been caused by the malware issues you have/had.

Let's run a few more scans to try and rule out any remaining malware.

1. Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)

Right click mbam-setup.exe, select "Run as Administrator" and follow the prompts to run the program.
Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg


When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

2. ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

3. Mobile Intel® 4 Series Express Chipset Family

Go to Intel® Driver Update Utility (http://www.intel.com/p/en_US/support/detect/graphics) and click on the Check Your System for Updates button.

=========================

In your next post please provide the following:

MBAM log
ESET's log.txt
Chipset check results

eddiemac1
2013-08-02, 01:01
hi Again

i have tried connecting to my router both wireless and by Ethernet connection

however i am still unable to make a new connection to the internet.

my router is not hidden and is discoverable but is not being found by the connection wizard and i am unable to ping it directly either.

i have tried installing the drivers from Intel and Broadcom but when i run the chipset driver it says the driver installed is newer than the one i am trying to install

the Broadcom driver appears to run correctly but there is still an error showing when i check the device manager before and after i restart the computer after installing it.

i have attached a screen dump of the device manager

as i am unable to connect to the internet i am unable to update malware bytes or run the online scan.

Is there a way to manually uninstall the existing drivers and i can then reinstall them? or would that cause more issues than fix?

OCD
2013-08-02, 07:12
Hi eddiemac1,

1. Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".

Start menu, in the search bar type "cmd"
Right-click the cmd icon, select "run as administrator"
If you have user account control (UAC) set up it may prompt you to accept that action.
Then type in "chkdsk /r" (make note of the space between chkdsk and /)

=========================

2. Reboot

=========================

Does the computer have an internal network adapter or does it have a usb stick style adapter?

Go into the Device Manager and highlight each of the items, select Properties. On the General tab, what is the device status?

eddiemac1
2013-08-02, 15:45
I have run the chkdsk

on the device manager

Mobile Intel(R) 4 Series express chipset Family

the device status for this is
Windows has stopped this device because it has reported problems (Code43)

and under network adapters there is an unknown device that has the status of

This device is not working properly because windows cannot load the drivers required for this device (Code31)

eddiemac1
2013-08-02, 15:52
oh and i forgot to say it is all internal

it has ethernet and wireless connection ability.

OCD
2013-08-02, 16:47
Hi eddiemac1,

Thanks for the information. Let's try this step for both instances.

=========================

1. Uninstall / Re-install via Device Manager


To open Device Manager, click Start, click Search programs and files, and then type Device Manager. A list of available matching items appears above the search box; click Device Manager. Device Manager opens with your computer name at the top and a list of devices that are installed on your computer beneath your computer name.

Locate the malfunctioning device in the list of devices, right-click the device, and then click Uninstall. When a warning message appears that you are uninstalling a device from your system, click OK. Device manager uninstalls the device.

Right-click your computer name in Device Manager and click Scan for hardware changes. Device manager scans your system and automatically re-installs your device.

Right-click the device and click Properties. On the General tab of the device Properties dialog box, in Device status, you should see the message This device is working properly.

=========================

In your next post please provide the following:


Any change?

eddiemac1
2013-08-02, 19:28
that resolved the issue with the 3rd item listed under network adapters but when i uninstalled the chipset and then scanned for hardware changes it couldn't successfully reinstall the driver.

when i ran the driver file i downloaded from the Lenovo website for the pc and transferred onto the desktop it came up with the same error as before where it looks like it installed but still had the yellow warning triangle

i have now uninstalled it again.

i am still unable to create a new internet connection but it is now offering to let me make a wireless connection even though it is unable to find any open networks

i live in a block of flats and i should be able to see at least 4 networks to connect to, sometimes a lot more when i search using a pc that works, but this laptop is not seeing any.

i also tried creating a linksys quick connect key and using that but it still won't connect or even find a network, either wireless or by Ethernet.

OCD
2013-08-03, 05:49
Hi eddiemac1,

1. Change Service Setting

Go to the Start menu, type "services" (without quotes) in the search box
Right click Services and select "Run as Administrator"
The Services GUI will open. Locate the following service and make sure it is set as indicated:


DHCP Client - Status: Started - - Startup Type: Automatic


To change each service double click the service then a window will open.
Locate the Status section, change to status listed here >> click Apply, next select Startup Type listed and click OK.
=========================

2. Reboot

=========================

Check Device Manager and see if there is any change in the status

eddiemac1
2013-08-03, 15:12
ok i tried that

the service status was set to stopped

when i tried to restart it i got the error message "Windows could not start the DHCP Client on Local Computer Error 5: Access Denied"

OCD
2013-08-03, 16:56
Hi eddiemac1,

1. System File Checker (SFC)

Click on the Start button and in the Search programs and files box type the following:


command


Don't press Enter, just let the search results populate above.
In the search results, locate the Programs section.
Locate the Command Prompt shortcut and right-click on it.
Select Run as administrator.
Click Yes on the User Account Control window that appears.
Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 (http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=8&f=11&su=p284.13.342.ip_p504.6.342.ip_&tt=2&bt=0&bts=0&zu=http%3A//windows.microsoft.com/en-us/windows7/turn-user-account-control-on-or-off) for more information.
An elevated Command Prompt window will appear.


Type: sfc /scannow (There's a space between sfc and /scannow.) , then hit Enter


After the scan runs type exit to close the command prompt window
Include the findings in your next reply

=========================

2. Reset Winsock

Go to Start - type in cmd and click OK.

At the command prompt type in:

netsh winsock reset catalog

Press enter.

then type in:

netsh int ip reset resetlog.txt

Press enter.

You will need to reboot afterwards.

=========================

3. Network Services are Started

Click on start and type services.msc press enter.

COM+ Event System (for WZC issues)
Computer Browser
DHCP Client
DNS Client
Network Connections
Network Location Awareness
Remote Procedure Call (RPC)
Server
TCP/IP Netbios helper
WLAN AutoConfig
Workstation

=========================

Update on which Services you are unable to start, if any (error message also if shown)
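
A scripted version of the services check in step 3, added here as an example and not part of the original post. It assumes an elevated PowerShell prompt on the Windows 7 machine; the short service names are the standard Windows names for the display names listed above.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: standard Windows 7 short names for the display names in the list above.
$wanted = @(
    @('EventSystem',       'COM+ Event System'),
    @('Browser',           'Computer Browser'),
    @('Dhcp',              'DHCP Client'),
    @('Dnscache',          'DNS Client'),
    @('Netman',            'Network Connections'),
    @('NlaSvc',            'Network Location Awareness'),
    @('RpcSs',             'Remote Procedure Call (RPC)'),
    @('LanmanServer',      'Server'),
    @('lmhosts',           'TCP/IP NetBIOS Helper'),
    @('Wlansvc',           'WLAN AutoConfig'),
    @('LanmanWorkstation', 'Workstation')
)

$report = foreach ($pair in $wanted) {
    $name, $display = $pair
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        # The service is not registered on this machine at all.
        New-Object PSObject -Property @{
            Service = $display; State = 'Missing'; StartMode = ''; Account = ''; Error = ''
        }
        continue
    }

    $err = ''
    if ($svc.State -ne 'Running') {
        # Try to start it and keep the exact error text, which is what the helper asks for.
        try   { Start-Service -Name $name -ErrorAction Stop }
        catch { $err = $_.Exception.Message }
        # Re-read the service so the report shows the state after the start attempt.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    }

    New-Object PSObject -Property @{
        Service   = $display
        State     = $svc.State       # Running, Stopped, ...
        StartMode = $svc.StartMode   # Auto, Manual, Disabled
        Account   = $svc.StartName   # account the service logs on as
        Error     = $err
    }
}

# One block per service, ready to paste into a reply.
$report | Select-Object Service, State, StartMode, Account, Error | Format-List
```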

eddiemac1
2013-08-03, 18:43
hi again

i ran the system file checker and it ran with no issues and at the end this message was displayed

Windows resource protection did not find any integrity violations


i was then able to reset the winsock as instructed

the following are the result of the services check you asked me to carry out



COM+ Event System (for WZC issues) - was already started
Computer Browser - i started
DHCP Client - got the error windows could not start the DHCP Client service on the local computer access denied
DNS Client - was already started
Network Connections - was already started
Network Location Awareness - windows could not start the Network awareness on local computer. For more information, review the system event log. If this is a non microsoft service, contact the service vendor and refer to service specific error code -1073741288
Remote Procedure Call (RPC) - was already started
Server - was already started
TCP/IP Netbios helper - was already started
WLAN AutoConfig - was already started
Workstation - was already started

i hope these results help and are not going to cause even more confusion.

thanks again.

OCD
2013-08-04, 05:22
Hi eddiemac1

Can you tell me the make, model of the computer we are working with?

eddiemac1
2013-08-04, 12:24
sure

its a Lenovo G550 Model 2958

OCD
2013-08-04, 15:42
Hi eddiemac1,


Lenovo G550 Model 2958

Is there a 3 character (letter/number combination) Model Type listed? The Model 2958 is the Machine Type.

=========================

We might be dealing with a hardware issue, so if we can rule out malware that would be helpful.

Can you download Malwarebytes' to a flash drive and transfer it to the infected computer? Obviously skip the update step, then run a scan and post the log.

=========================

1. Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)

Right click mbam-setup.exe, select "Run as Administrator" and follow the prompts to run the program.
Select Perform quick scan, then click Scan.



When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

In your next post please provide the following:


MBAM log

eddiemac1
2013-08-04, 18:51
ok i got this off the sticker on the base of the pc

Lenovo G550

Model Name 2958

Factory id PRC4

and the scan came up clean

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Tara :: TARA-PC [administrator]

04/08/2013 17:41:54
mbam-log-2013-08-04 (17-41-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203528
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

eddiemac1
2013-08-04, 20:45
hi there

just to let you know

Tara has found her windows disk and we have reinstalled win7 and it seems to be working as normal

i have run malware bytes after successfully updating it and it came up clean again.

we are currently running all the windows updates and once complete will install spybot and update that as well.

i would like to thank you for all your effort and patience in dealing with our issues.

but you will be glad i am sure that you can finally close this issue off.

thanks again.

OCD
2013-08-05, 02:30
Hi eddiemac1,

You're very welcome. Glad you have resolved the issue. :bigthumb: Have a great day.

Since this issue appears to be resolved ... this Topic has been closed.