Late Response: Little things here and there, family computer, not own.
Phosforic
2014-01-24, 12:20
http://forums.spybot.info/showthread.php?70031-Little-things-here-and-there-family-computer-not-own , thanks a bunch for getting back. I apologize for the late reply. I have not reinstalled the router; hopefully I will have time this weekend. Would you recommend doing it before or after all this? It's a rootkit, no?
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16526
Run by Lynn at 5:17:09 on 2014-01-24
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Lynn\Downloads\aswMBR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: c:\users\lynn\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{547EBCD8-F443-46FF-ACC6-753E28572E1F} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lynn\appdata\roaming\mozilla\firefox\profiles\tlx9jl26.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-01-24 08:49:32 40392 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b5ecd11e-9713-43a2-8707-17d7647c9b32}\MpKslb67f0fc5.sys
2014-01-24 02:54:24 719224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b12d2d74-ec4a-4d63-9537-3825f4fd42a7}\gapaengine.dll
2014-01-24 02:48:57 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b5ecd11e-9713-43a2-8707-17d7647c9b32}\mpengine.dll
2014-01-23 02:46:28 719224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-01-23 02:43:04 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-23 00:03:00 -------- d-----w- c:\program files\HP
2014-01-23 00:02:46 -------- d-----w- c:\users\lynn\appdata\local\HP
2014-01-17 09:15:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-17 09:15:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-14 04:34:52 -------- d-----w- c:\program files\Microsoft Security Client
2014-01-14 04:34:10 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-04 03:45:11 -------- d--h--w- c:\windows\msdownld.tmp
2014-01-04 03:44:58 -------- d-----w- c:\program files\Microsoft
2014-01-04 03:44:19 -------- d--h--w- c:\programdata\Common Files
2014-01-04 03:44:18 -------- d-----w- c:\users\lynn\appdata\local\MFAData
2014-01-04 03:44:18 -------- d-----w- c:\users\lynn\appdata\local\Avg2014
2014-01-04 03:44:18 -------- d-----w- c:\programdata\MFAData
2014-01-04 02:59:06 7760024 ------w- c:\programdata\microsoft\windows defender\definition updates\{f2046fb7-8e4d-4cd5-a893-f7376af4360f}\mpengine.dll
2014-01-04 02:29:36 -------- d-----w- c:\windows\system32\appmgmt
2013-12-31 07:15:54 -------- d-----w- c:\users\lynn\appdata\local\Macromedia
2013-12-30 18:15:54 -------- d-----w- c:\users\lynn\appdata\local\Mozilla
2013-12-30 18:15:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-12-28 03:58:12 -------- d-----w- c:\windows\Migration
.
==================== Find3M ====================
.
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43:04 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43:06 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35:24 2050560 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 5:17:49.05 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-24 03:49:02
-----------------------------
03:49:02.752 OS Version: Windows 6.0.6002 Service Pack 2
03:49:02.752 Number of processors: 1 586 0x5F02
03:49:02.753 ComputerName: COLLECTIVE UserName: Lynn
03:49:06.048 Initialize success
04:12:13.051 AVAST engine defs: 14012301
04:12:31.886 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
04:12:31.910 Disk 0 Vendor: WDC_WD16 05.0 Size: 152627MB BusType: 6
04:12:32.182 Disk 0 MBR read successfully
04:12:32.186 Disk 0 MBR scan
04:12:32.761 Disk 0 Windows VISTA default MBR code
04:12:32.778 Disk 0 Partition 1 00 06 FAT16 9800 MB offset 2048
04:12:32.962 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142825 MB offset 20072448
04:12:33.199 Disk 0 scanning sectors +312578048
04:12:33.465 Disk 0 scanning C:\Windows\system32\drivers
04:13:10.241 Service scanning
04:13:42.161 Service MpKslb67f0fc5 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5ECD11E-9713-43A2-8707-17D7647C9B32}\MpKslb67f0fc5.sys **LOCKED** 32
04:14:15.469 Modules scanning
04:14:23.761 Disk 0 trace - called modules:
04:14:23.800 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
04:14:24.185 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c6d528]
04:14:24.206 3 CLASSPNP.SYS[8619d8b3] -> nt!IofCallDriver -> [0x8396de00]
04:14:24.223 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\00000050[0x8396e7f0]
04:14:25.924 AVAST engine scan C:\Windows
04:14:28.770 AVAST engine scan C:\Windows\system32
04:20:38.181 AVAST engine scan C:\Windows\system32\drivers
04:21:06.365 AVAST engine scan C:\Users\Lynn
04:35:26.687 AVAST engine scan C:\ProgramData
04:36:01.106 Scan finished successfully
04:36:24.771 Disk 0 MBR has been saved successfully to "C:\Users\Lynn\Desktop\MBR.dat"
04:36:24.825 The log file has been saved successfully to "C:\Users\Lynn\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-24 04:55:00
-----------------------------
04:55:00.186 OS Version: Windows 6.0.6002 Service Pack 2
04:55:00.186 Number of processors: 1 586 0x5F02
04:55:00.186 ComputerName: COLLECTIVE UserName: Lynn
04:55:01.247 Initialize success
04:55:46.440 AVAST engine defs: 14012301
04:55:48.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
04:55:48.141 Disk 0 Vendor: WDC_WD16 05.0 Size: 152627MB BusType: 6
04:55:48.234 Disk 0 MBR read successfully
04:55:48.234 Disk 0 MBR scan
04:55:48.250 Disk 0 Windows VISTA default MBR code
04:55:48.266 Disk 0 Partition 1 00 06 FAT16 9800 MB offset 2048
04:55:48.281 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142825 MB offset 20072448
04:55:48.297 Disk 0 scanning sectors +312578048
04:55:48.344 Disk 0 scanning C:\Windows\system32\drivers
04:55:55.457 Service scanning
04:56:13.896 Modules scanning
04:56:15.831 Disk 0 trace - called modules:
04:56:15.862 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
04:56:16.377 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c17030]
04:56:16.377 3 CLASSPNP.SYS[861aa8b3] -> nt!IofCallDriver -> [0x84307b78]
04:56:16.377 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\00000051[0x842d0c90]
04:56:17.001 AVAST engine scan C:\Windows
04:56:18.233 AVAST engine scan C:\Windows\system32
04:58:39.647 AVAST engine scan C:\Windows\system32\drivers
04:58:49.569 AVAST engine scan C:\Users\Lynn
05:10:42.737 AVAST engine scan C:\ProgramData
05:11:10.130 Scan finished successfully
05:15:52.807 Disk 0 MBR has been saved successfully to "C:\Users\Lynn\Desktop\MBR.dat"
05:15:52.838 The log file has been saved successfully to "C:\Users\Lynn\Desktop\aswMBR.txt"
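An added example, not part of the thread and not aswMBR's or Avast's code, of the check aswMBR performs in the log above: take the saved MBR.dat, verify the 0x55AA boot signature, decode the four partition entries, sanity-check the layout, and hash the 440 bytes of boot code so a later capture can be compared against a known-good baseline. The sample sector is constructed to match the partition table aswMBR printed (FAT16 at LBA 2048, active NTFS at LBA 20072448); its boot-code area is zero-filled placeholder rather than real Windows boot code, and all function and variable names are my own.

```python
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"
BOOT_CODE_LEN = 440          # bytes 0..439: boot code; 440..445: disk signature + reserved
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
PART_ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
SECTORS_PER_MB = 2048        # 1 MB in 512-byte sectors, the unit aswMBR reports sizes in


def build_sample_mbr():
    """Constructed 512-byte sector matching the layout aswMBR printed:
    partition 1: type 0x06 (FAT16), not bootable, LBA 2048, 9800 MB
    partition 2: type 0x07 (NTFS),  bootable,     LBA 20072448, 142825 MB
    The boot-code area is zero-filled; a real MBR.dat carries Windows' code."""
    mbr = bytearray(SECTOR)
    layout = [
        (0x00, 0x06, 2048, 9800 * SECTORS_PER_MB),
        (0x80, 0x07, 20072448, 142825 * SECTORS_PER_MB),
    ]
    for i, (status, ptype, start, count) in enumerate(layout):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def load_mbr(path):
    """Read the first sector of a dump such as the MBR.dat aswMBR saved."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def parse_mbr(sector):
    """Decode the partition table; raise if the sector is not a valid MBR."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:               # empty slot
            continue
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start,
            "sectors": count,
            "size_mb": count // SECTORS_PER_MB,
        })
    return parts


def layout_issues(parts):
    """Checks worth making before trusting the table: exactly one active
    partition, no entry starting in sector 0, no two entries overlapping."""
    issues = []
    active = [p["index"] for p in parts if p["bootable"]]
    if len(active) != 1:
        issues.append(f"expected one active partition, found {active}")
    for p in parts:
        if p["start_lba"] == 0:
            issues.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            issues.append(f"partitions {a['index']} and {b['index']} overlap")
    return issues


def boot_code_digest(sector):
    """SHA-256 of the boot-code bytes only, so a changed disk signature or
    partition table neither masks nor fakes a change in the code itself."""
    return hashlib.sha256(bytes(sector[:BOOT_CODE_LEN])).hexdigest()


def boot_code_matches(sector, baseline_hex):
    return boot_code_digest(sector) == baseline_hex


if __name__ == "__main__":
    mbr = build_sample_mbr()          # replace with load_mbr("MBR.dat") on a real dump
    parts = parse_mbr(mbr)
    for p in parts:
        print(p)
    print("issues:", layout_issues(parts))
    print("boot code sha256:", boot_code_digest(mbr))
```

The two partitions in the log are contiguous (2048 + 9800 MB of sectors is exactly 20072448), and the second ends at sector 312578048, which is the offset aswMBR reports when it starts "scanning sectors +312578048" past the partitioned area. Hashing only the boot-code bytes is deliberate: a bootkit rewrites that region, while a legitimate partition edit or disk re-signature changes the tail of the sector, and a whole-sector hash would make the two indistinguishable.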
Hi, at this point I'm not looking at a rootkit, but we can check further.
What symptoms are you experiencing?
Just so you know, threads are closed if there is no response from you within 3 days.
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
Phosforic
2014-01-29, 15:08
3 days, gotcha. Uhm, its fan is obnoxiously loud and running at weird times. Sometimes JavaScripts will stop responding. Spybot still isn't running in admin mode, and restart doesn't seem to work properly. Nothing much new has happened that I've noticed, but the quirks are still there. Thanks for getting back.
# AdwCleaner v3.010 - Report created 29/01/2014 at 08:06:27
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : Lynn - COLLECTIVE
# Running from : C:\Users\Lynn\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Lynn\AppData\LocalLow\Conduit
Folder Found C:\Users\Lynn\AppData\LocalLow\PriceGong
Folder Found C:\Windows\system32\Searchprotect
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3292715
Key Found : HKLM\Software\Conduit
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\tlx9jl26.default\prefs.js ]
-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1497 octets] - [29/01/2014 08:06:27]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1557 octets] ##########
Good Morning,
You have some garbage on this computer, namely Conduit. What we can do is clean you up, get rid of this stuff and then go from there.
Run these in order as listed, please. I need to see the report from each one; if they're too large to post all in one reply, take as many replies as you need to post them. Please don't attach them; just copy and paste the logs back into this thread.
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Phosforic
2014-01-30, 17:51
woo, a reboot. mornin dood.
# AdwCleaner v3.010 - Report created 30/01/2014 at 10:15:53
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : Lynn - COLLECTIVE
# Running from : C:\Users\Lynn\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Windows\system32\Searchprotect
Folder Deleted : C:\Users\Lynn\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lynn\AppData\LocalLow\PriceGong
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292715
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\tlx9jl26.default\prefs.js ]
-\\ Google Chrome v32.0.1700.102
[ File : C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1637 octets] - [29/01/2014 08:06:27]
AdwCleaner[R1].txt - [1698 octets] - [30/01/2014 10:15:05]
AdwCleaner[S0].txt - [1653 octets] - [30/01/2014 10:15:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1713 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista (TM) Business x86
Ran by Lynn on Thu 01/30/2014 at 10:26:19.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AF23BF23-A9B1-4929-B546-C8F0A546C965}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Lynn\appdata\local\cre"
~~~ FireFox
Emptied folder: C:\Users\Lynn\AppData\Roaming\mozilla\firefox\profiles\tlx9jl26.default\minidumps [16 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/30/2014 at 10:29:07.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.30.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lynn :: COLLECTIVE [administrator]
1/30/2014 10:38:04 AM
mbam-log-2014-01-30 (10-38-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198449
Time elapsed: 8 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
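An added example, written for this thread and not part of AdwCleaner, JRT or Malwarebytes, of the reconciliation a helper does by eye when the R0 and S0 reports come back: parse the scan report and the clean report, confirm that every item found was later deleted, list anything left over (found but never deleted) or unexpected (deleted but never reported), and total the items by adware family. The two embedded reports are excerpts of the logs posted above; the family keywords and all function names are my own choices, and "unclassified" simply means a target matched none of the keywords (here the SearchScopes GUID, the CLSID and Toolbar.CT3292715), not that it is benign.

```python
import re
from collections import Counter

# One AdwCleaner result line. The scan report writes "Folder Found C:\..." and
# "Key Found : HKCU\...", the clean report "Folder Deleted : C:\..."; the optional
# colon covers both spellings.
ITEM_RE = re.compile(
    r"^(?P<kind>Folder|File|Key|Value|Service|Shortcut)\s+"
    r"(?P<action>Found|Deleted)\s*:?\s*(?P<target>.+?)\s*$")

# Keyword -> family label. Assumption: a target belongs to the first keyword it
# contains; anything else is reported as "unclassified" rather than guessed.
FAMILY_KEYWORDS = [
    ("conduit", "Conduit"),
    ("searchprotect", "SearchProtect"),
    ("pricegong", "PriceGong"),
    ("smartbar", "Smartbar"),
]

# Excerpts of the R0 (scan) and S0 (clean) reports posted in this thread.
SCAN_REPORT = r"""
***** [ Files / Folders ] *****
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Lynn\AppData\LocalLow\Conduit
Folder Found C:\Users\Lynn\AppData\LocalLow\PriceGong
Folder Found C:\Windows\system32\Searchprotect
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3292715
Key Found : HKLM\Software\Conduit
"""

CLEAN_REPORT = r"""
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Windows\system32\Searchprotect
Folder Deleted : C:\Users\Lynn\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lynn\AppData\LocalLow\PriceGong
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292715
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
"""


def parse_report(text):
    """Return (kind, action, target) for every result line; headers are skipped."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m["kind"], m["action"], m["target"]))
    return items


def _key(kind, target):
    # Windows paths and registry keys are case-insensitive, so compare that way.
    return (kind.lower(), target.lower().rstrip("\\"))


def classify(target):
    lowered = target.lower()
    for keyword, family in FAMILY_KEYWORDS:
        if keyword in lowered:
            return family
    return "unclassified"


def reconcile(scan_text, clean_text):
    """Match what the scan found against what the clean pass deleted."""
    found = {_key(k, t): t for k, a, t in parse_report(scan_text) if a == "Found"}
    deleted = {_key(k, t): t for k, a, t in parse_report(clean_text) if a == "Deleted"}
    return {
        "removed": sorted(found[k] for k in found.keys() & deleted.keys()),
        "leftover": sorted(found[k] for k in found.keys() - deleted.keys()),
        "unexpected": sorted(deleted[k] for k in deleted.keys() - found.keys()),
    }


def family_totals(text):
    """Count reported items per family, e.g. Counter({'Conduit': 6, ...})."""
    return Counter(classify(t) for _, _, t in parse_report(text))


if __name__ == "__main__":
    result = reconcile(SCAN_REPORT, CLEAN_REPORT)
    print(f"removed {len(result['removed'])}, leftover {result['leftover']}, "
          f"unexpected {result['unexpected']}")
    print(dict(family_totals(SCAN_REPORT)))
```

On the logs above every one of the 13 items found by R0 appears as deleted in S0, so "leftover" is empty; a non-empty "unexpected" list would mean the clean pass removed something the scan never showed, which is worth a second look before rebooting. Note that the JRT log posted above records "Event Viewer Logs were cleared", so the Windows event logs from before the clean are gone and the AdwCleaner reports in C:\AdwCleaner are the only remaining record of what was on the machine; keep them.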
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be found in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Phosforic
2014-01-31, 08:39
OTL logfile created on: 1/31/2014 1:13:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lynn\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.76 Mb Total Physical Memory | 373.78 Mb Available Physical Memory | 36.58% Memory free
2.83 Gb Paging File | 1.65 Gb Available in Paging File | 58.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.48 Gb Total Space | 86.97 Gb Free Space | 62.35% Space Free | Partition Type: NTFS
Drive E: | 47.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: COLLECTIVE | User Name: Lynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\827818ac7a8efa7a7ff96561dd45ec80\System.Net.Http.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Device\c9fe449bf5978b93b2b95098b1acccbd\System.Device.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\49d7f498821498b3d5e9fe5bafceba41\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\64c51ef21713c34883a839dd202ff655\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\0503fcc7d094e9583abada0529543ce1\PresentationFramework-SystemCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e4c8762890b29890eb27c9cabb86e2c5\Microsoft.CSharp.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\91f013ac51473e820d6aa36cc0e59bdb\System.Dynamic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\8527638d9c471f116ff277e4e774619d\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\5c250132c9d7fb45ec9b331ec2e4ef2e\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3b483737ce19c597d351cdb1f4eb3da0\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\66ce786a0b16af8c3f5c480cd6e84376\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 E6 45 97 7A DE CE 01 [binary data]
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\..\SearchScopes,DefaultScope = {B9F9564D-FB1B-4EA5-876C-B9DA7CD2B427}
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\..\SearchScopes\{18579273-F001-4584-BA07-8252F9CD5B30}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\..\SearchScopes\{B9F9564D-FB1B-4EA5-876C-B9DA7CD2B427}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/12/30 13:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions
[2013/12/30 13:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/30 13:14:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Drive = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/01/30 10:56:31 | 000,450,649 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15471 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1070394170-13485805-302000740-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1070394170-13485805-302000740-1000..\Run: [TWC.Win7] C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{547EBCD8-F443-46FF-ACC6-753E28572E1F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 08:46:04 | 000,000,101 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{95136134-2f38-11e3-8289-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95136134-2f38-11e3-8289-806e6f6e6963}\Shell\AutoRun\command - "" = E:\vivitar\runsetup.exe -- [2009/05/05 08:44:06 | 000,067,656 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/31 01:07:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe
[2014/01/30 10:36:22 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Malwarebytes
[2014/01/30 10:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/30 10:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/30 10:36:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/01/30 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/30 10:26:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/30 10:22:54 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\Downloaded Installations
[2014/01/29 08:06:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/22 19:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/01/22 19:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/01/22 19:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/01/22 19:02:46 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\HP
[2014/01/17 04:15:36 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/01/17 04:15:35 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/01/13 23:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/01/13 23:34:10 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/03 22:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014/01/03 22:44:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/01/03 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\MFAData
[2014/01/03 22:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/01/03 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\Avg2014
[2014/01/03 21:29:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/31 01:09:07 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 01:09:07 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 01:08:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe
[2014/01/31 01:04:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2014/01/31 00:31:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/31 00:30:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 00:28:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/30 19:41:39 | 000,002,743 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Weather.lnk
[2014/01/30 17:24:09 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/30 17:10:14 | 000,001,791 | ---- | M] () -- C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
[2014/01/30 10:56:31 | 000,450,649 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/30 10:36:09 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/29 08:05:50 | 001,060,070 | ---- | M] () -- C:\Users\Lynn\Desktop\AdwCleaner.exe
[2014/01/24 05:24:19 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/23 06:47:53 | 000,641,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/23 06:47:53 | 000,119,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/22 19:05:01 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:05:01 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:02:52 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/01/17 04:20:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/01/17 04:20:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/01/17 02:15:24 | 000,450,597 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140130-105631.backup
[2014/01/16 00:02:35 | 000,000,512 | ---- | M] () -- C:\Users\Lynn\Documents\MBR.dat
[2014/01/14 02:01:44 | 000,001,011 | ---- | M] () -- C:\Users\Lynn\Documents\Attach.zip
[2014/01/13 23:35:45 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/08 00:38:12 | 000,000,000 | -H-- | M] () -- C:\Users\Lynn\Documents\Default.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/30 10:36:09 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/30 10:23:52 | 000,002,743 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Weather.lnk
[2014/01/29 08:05:44 | 001,060,070 | ---- | C] () -- C:\Users\Lynn\Desktop\AdwCleaner.exe
[2014/01/22 19:06:02 | 000,001,791 | ---- | C] () -- C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:05:01 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:05:01 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:02:52 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/01/17 04:20:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 23:43:10 | 000,000,512 | ---- | C] () -- C:\Users\Lynn\Documents\MBR.dat
[2014/01/14 02:01:44 | 000,001,011 | ---- | C] () -- C:\Users\Lynn\Documents\Attach.zip
[2014/01/13 23:35:28 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/08 00:38:12 | 000,000,000 | -H-- | C] () -- C:\Users\Lynn\Documents\Default.rdp
[2013/10/06 11:10:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/10/06 08:04:13 | 000,000,680 | ---- | C] () -- C:\Users\Lynn\AppData\Local\d3d9caps.dat
[2013/04/29 23:36:28 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/03/06 12:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
========== ZeroAccess Check ==========
[2006/11/02 07:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:19:56 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:19:45 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/11/05 16:29:37 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\calibre
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 1/31/2014 1:13:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lynn\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.76 Mb Total Physical Memory | 373.78 Mb Available Physical Memory | 36.58% Memory free
2.83 Gb Paging File | 1.65 Gb Available in Paging File | 58.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.48 Gb Total Space | 86.97 Gb Free Space | 62.35% Space Free | Partition Type: NTFS
Drive E: | 47.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: COLLECTIVE | User Name: Lynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{44658192-7250-47CD-A264-EEC857900052}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{491EEFEF-2674-47DB-939A-92CE162A45C6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5DAA97CC-A46D-482C-8520-C3CAD2B3E32D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F2EC54F-12B3-424A-B605-8034F56DEA22}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{66CFB8E9-6F68-4792-BDB2-261D00265C28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93C84041-AC44-4F16-8A7F-5CBCF2377E12}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0A2913F-8D78-4838-A4D6-92D5D3EF40F2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D3BDCFD9-32AF-47DC-8D86-2A2898394371}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4039C179-D829-4622-826B-594F217B560F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42554F68-C2FE-46F1-B0A9-D79A5FD775EF}" = dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{65F01AA4-7BAD-4A3F-B8AB-1B66D5DD414F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C8DCB69E-A474-43FC-BFC1-C4D62C9F25F5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EEF361CA-BB5D-4708-857E-8D3D17BCC289}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F0C50AAD-1B22-479F-A13C-55AFF72D4456}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{F7D55F53-B090-4EC8-A681-905BBFD53917}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"TCP Query User{2FA9F43C-DB2F-4E2A-B96A-E8757B8DAAA5}C:\gog games\neverwinter nights 2 complete\nwn2main_amdxp.exe" = protocol=6 | dir=in | app=c:\gog games\neverwinter nights 2 complete\nwn2main_amdxp.exe |
"TCP Query User{A3CD20F6-9A2B-4632-AE39-8FF3CA6247A8}C:\gog games\neverwinter nights 2 complete\nwn2main.exe" = protocol=6 | dir=in | app=c:\gog games\neverwinter nights 2 complete\nwn2main.exe |
"UDP Query User{35534541-EA52-45C3-8419-58157852273F}C:\gog games\neverwinter nights 2 complete\nwn2main.exe" = protocol=17 | dir=in | app=c:\gog games\neverwinter nights 2 complete\nwn2main.exe |
"UDP Query User{5EC5F79B-16C9-4CD0-8798-AEFF1A435670}C:\gog games\neverwinter nights 2 complete\nwn2main_amdxp.exe" = protocol=17 | dir=in | app=c:\gog games\neverwinter nights 2 complete\nwn2main_amdxp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F14E5B-E07A-2A1E-6788-580773CE1486}" = CCC Help English
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0A036215-0A8D-6FBE-7EA3-7AED4F9E162A}" = CCC Help Turkish
"{0B11C568-7E39-4105-B26F-F0E84A0E1C46}" = calibre
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{15A05AAA-37E7-D516-5BE9-C960C2170403}" = CCC Help Czech
"{167158CE-1637-4167-8A1C-C2549EEA966A}" = The Weather Channel App
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{21E9850E-58C2-FA88-D5AD-B64D253B8F82}" = CCC Help Thai
"{25A7270E-1B63-DFD1-ACBC-88852A305398}" = CCC Help Chinese Traditional
"{28164BD8-81EA-639A-85E9-E659E3EE6DA7}" = Catalyst Control Center InstallProxy
"{2E69E784-F84A-9A18-7D8E-4EB8504EEE1E}" = CCC Help Danish
"{362614E4-9ABB-E7A7-CDDC-239AB168060A}" = CCC Help Japanese
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4745F6F8-09DA-CC39-EC19-0E8D764CF2B7}" = CCC Help Chinese Standard
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4FA31DE2-B613-24BB-1738-B655C00B1C9D}" = CCC Help Hungarian
"{58771CF6-F212-CC4D-61B1-45CC70B6375C}" = CCC Help Dutch
"{6D5CE5F1-CBB0-9ED4-1A1E-91DDCD6225FD}" = CCC Help Italian
"{707210B0-29F1-C550-BA96-6ECDA245CF24}" = CCC Help Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{812B956B-37AB-24B9-4527-78A6D3ECE7F8}" = CCC Help Korean
"{83293709-B863-0EF6-00DA-B026D486E8B5}" = CCC Help Polish
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D5B19AA-3D3A-5870-C9A0-346EBC5DB21E}" = ccc-utility
"{911904DE-EBB6-BC8E-D5BD-762B7DB42C46}" = CCC Help Greek
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9903011B-5F1D-A2A1-8078-EE62B3324CCE}" = CCC Help Portuguese
"{9A7F1628-2126-34A5-852D-2B93328BCF3F}" = CCC Help German
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}" = HP Deskjet 1000 J110 series Basic Device Software
"{ACEF85BD-2489-BE0E-9965-CE2F661260AA}" = AMD Fuel
"{AE6C422B-DADB-D547-411C-E9E56DF03D16}" = CCC Help Russian
"{B09567CC-E43F-10F1-752D-549AC7FB0C43}" = CCC Help Finnish
"{B170B91D-E8E3-A6A3-D129-D8E36FEA8A0B}" = CCC Help Norwegian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD96ABD3-D1D4-5513-6C60-11476D6DCFC5}" = Catalyst Control Center Localization All
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C39C7876-4D21-8A38-0A42-B5C8858EC6C7}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4236B82-213F-679E-09A2-9AEB5EF4CADC}" = Catalyst Control Center Graphics Previews Common
"{EBBD4FE6-91DA-C397-6D56-FE85DBF24FCF}" = AMD VISION Engine Control Center
"{FCEFDA6B-63CD-BB17-B845-478A42E24D39}" = CCC Help Swedish
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Google Chrome" = Google Chrome
"Heroes of Might and Magic V - Collectors Edition3.1" = Heroes of Might and Magic V - Collectors Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"The Weather Channel App" = The Weather Channel App
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/30/2014 12:24:31 PM | Computer Name = Collective | Source = Application | ID = 0
Description =
Error - 1/30/2014 6:11:04 PM | Computer Name = Collective | Source = Application | ID = 0
Description =
Error - 1/30/2014 6:11:04 PM | Computer Name = Collective | Source = Application | ID = 0
Description =
Error - 1/30/2014 6:11:05 PM | Computer Name = Collective | Source = Application | ID = 0
Description =
Error - 1/30/2014 9:12:00 PM | Computer Name = Collective | Source = Application | ID = 0
Description =
Error - 1/30/2014 9:41:57 PM | Computer Name = Collective | Source = Application | ID = 0
Description =
Error - 1/31/2014 12:12:01 AM | Computer Name = Collective | Source = Application | ID = 0
Description =
Error - 1/31/2014 1:28:45 AM | Computer Name = Collective | Source = Application | ID = 0
Description =
Error - 1/31/2014 2:09:46 AM | Computer Name = Collective | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 26.0.0.5087, time stamp
0x52a0d273, faulting module xul.dll, version 26.0.0.5087, time stamp 0x52a0d20a,
exception code 0xc0000005, fault offset 0x0014e1a8, process id 0x6bd0, application
start time 0x01cf1e45f4a9a910.
[ System Events ]
Error - 1/30/2014 1:29:09 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
Error - 1/30/2014 1:29:10 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
Error - 1/30/2014 1:29:10 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
Error - 1/30/2014 1:29:10 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
Error - 1/30/2014 1:29:10 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
Error - 1/30/2014 1:29:10 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
Error - 1/30/2014 1:29:10 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
Error - 1/30/2014 1:29:10 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
Error - 1/30/2014 1:29:10 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
Error - 1/30/2014 1:29:10 PM | Computer Name = Collective | Source = DCOM | ID = 10016
Description =
< End of report >
Good Morning,
This will fix a few entries and clean out your temp files.
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
[2014/01/17 02:15:24 | 000,450,597 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140130-105631.backup
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered; reboot when it is done.
Then post the results of the log it produces.
Then run a new scan with OTL and post the new log, please.
Phosforic
2014-02-01, 02:40
Evening. I ran the fix and OTL stopped responding at empty temp; I waited like 20 minutes before shutting down and running it again. SBSD seems to be working as well, you rock.
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
File C:\Windows\System32\drivers\etc\hosts.20140130-105631.backup not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lynn\Desktop\cmd.bat deleted successfully.
C:\Users\Lynn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Lynn
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Lynn
->Temp folder emptied: 20014773 bytes
->Temporary Internet Files folder emptied: 460088529 bytes
->FireFox cache emptied: 19924696 bytes
->Google Chrome cache emptied: 133721714 bytes
->Flash cache emptied: 44550 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7024 bytes
RecycleBin emptied: 303787 bytes
Total Files Cleaned = 605.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01312014_070415
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL logfile created on: 1/31/2014 7:32:53 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lynn\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.76 Mb Total Physical Memory | 288.71 Mb Available Physical Memory | 28.26% Memory free
2.31 Gb Paging File | 1.00 Gb Available in Paging File | 43.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.48 Gb Total Space | 89.34 Gb Free Space | 64.06% Space Free | Partition Type: NTFS
Drive E: | 47.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: COLLECTIVE | User Name: Lynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\827818ac7a8efa7a7ff96561dd45ec80\System.Net.Http.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Device\c9fe449bf5978b93b2b95098b1acccbd\System.Device.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\49d7f498821498b3d5e9fe5bafceba41\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\64c51ef21713c34883a839dd202ff655\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\0503fcc7d094e9583abada0529543ce1\PresentationFramework-SystemCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e4c8762890b29890eb27c9cabb86e2c5\Microsoft.CSharp.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\91f013ac51473e820d6aa36cc0e59bdb\System.Dynamic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\8527638d9c471f116ff277e4e774619d\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\5c250132c9d7fb45ec9b331ec2e4ef2e\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3b483737ce19c597d351cdb1f4eb3da0\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\66ce786a0b16af8c3f5c480cd6e84376\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\sqlite3.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 E6 45 97 7A DE CE 01 [binary data]
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\..\SearchScopes,DefaultScope = {B9F9564D-FB1B-4EA5-876C-B9DA7CD2B427}
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\..\SearchScopes\{18579273-F001-4584-BA07-8252F9CD5B30}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\..\SearchScopes\{B9F9564D-FB1B-4EA5-876C-B9DA7CD2B427}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1070394170-13485805-302000740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/12/30 13:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions
[2013/12/30 13:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/30 13:14:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Drive = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/01/31 07:04:17 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1070394170-13485805-302000740-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1070394170-13485805-302000740-1000..\Run: [TWC.Win7] C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{547EBCD8-F443-46FF-ACC6-753E28572E1F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 08:46:04 | 000,000,101 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{95136134-2f38-11e3-8289-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95136134-2f38-11e3-8289-806e6f6e6963}\Shell\AutoRun\command - "" = E:\vivitar\runsetup.exe -- [2009/05/05 08:44:06 | 000,067,656 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/31 06:52:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/31 01:07:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe
[2014/01/30 10:36:22 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Malwarebytes
[2014/01/30 10:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/30 10:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/30 10:36:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/01/30 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/30 10:26:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/30 10:22:54 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\Downloaded Installations
[2014/01/29 08:06:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/22 19:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/01/22 19:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/01/22 19:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/01/22 19:02:46 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\HP
[2014/01/17 04:15:36 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/01/17 04:15:35 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/01/13 23:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/01/13 23:34:10 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/03 22:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014/01/03 22:44:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/01/03 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\MFAData
[2014/01/03 22:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/01/03 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\Avg2014
[2014/01/03 21:29:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
========== Files - Modified Within 30 Days ==========
[2014/01/31 19:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 19:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/31 17:48:24 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 17:48:24 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 15:48:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/31 07:09:25 | 000,001,791 | ---- | M] () -- C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
[2014/01/31 07:07:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/31 07:04:17 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/01/31 01:08:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe
[2014/01/31 01:04:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2014/01/30 19:41:39 | 000,002,743 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Weather.lnk
[2014/01/30 10:36:09 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/29 08:05:50 | 001,060,070 | ---- | M] () -- C:\Users\Lynn\Desktop\AdwCleaner.exe
[2014/01/24 05:24:19 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/23 06:47:53 | 000,641,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/23 06:47:53 | 000,119,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/22 19:05:01 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:05:01 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:02:52 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/01/17 04:20:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/01/17 04:20:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/01/16 00:02:35 | 000,000,512 | ---- | M] () -- C:\Users\Lynn\Documents\MBR.dat
[2014/01/14 02:01:44 | 000,001,011 | ---- | M] () -- C:\Users\Lynn\Documents\Attach.zip
[2014/01/13 23:35:45 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/08 00:38:12 | 000,000,000 | -H-- | M] () -- C:\Users\Lynn\Documents\Default.rdp
========== Files Created - No Company Name ==========
[2014/01/30 10:36:09 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/30 10:23:52 | 000,002,743 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Weather.lnk
[2014/01/29 08:05:44 | 001,060,070 | ---- | C] () -- C:\Users\Lynn\Desktop\AdwCleaner.exe
[2014/01/22 19:06:02 | 000,001,791 | ---- | C] () -- C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:05:01 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:05:01 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk
[2014/01/22 19:02:52 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/01/17 04:20:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 23:43:10 | 000,000,512 | ---- | C] () -- C:\Users\Lynn\Documents\MBR.dat
[2014/01/14 02:01:44 | 000,001,011 | ---- | C] () -- C:\Users\Lynn\Documents\Attach.zip
[2014/01/13 23:35:28 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/08 00:38:12 | 000,000,000 | -H-- | C] () -- C:\Users\Lynn\Documents\Default.rdp
[2013/10/06 11:10:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/10/06 08:04:13 | 000,000,680 | ---- | C] () -- C:\Users\Lynn\AppData\Local\d3d9caps.dat
[2013/04/29 23:36:28 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/03/06 12:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
========== ZeroAccess Check ==========
[2006/11/02 07:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:19:56 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:19:45 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/11/05 16:29:37 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\calibre
========== Purity Check ==========
< End of report >
Looking good.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan.
*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is unchecked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
Phosforic
2014-02-05, 22:41
The scan came back clean. I don't think it made a log. Thank you a bunch, Ken. Now if I ran a Malwarebytes scan on a different computer and it came up with PUP.Opencandy or something, would I need to post a new thread, or just remove it using Malwarebytes?
Hi,
You're more than welcome.
Good news about the ESET scan.
Working on more than one computer in the same thread can get very confusing; trust me, been there, done that. As far as Open Candy, it could be good or bad, not sure without any logs, but if Malwarebytes flagged it then it must be bad, so let's close this thread and then just start a new topic for the other computer. I will keep an eye open for it, but if I miss it we have a very talented staff and one of us will pick it up.
Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.
Malwarebytes is the free version and is yours to keep; it will not be removed.
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.