
Thread: can't connect to internet on a laptop that had win32.2urface.bho and win32.downloader

  1. #1
    Junior Member
    Join Date
    Nov 2009
    Posts
    29


    Hi

    I am having issues with a laptop that was infected by

    win32.2urface.bho and
    win32.downloader.gen

    The laptop belongs to a friend of mine and she was having issues connecting to the internet. I said I would help her out, thinking it was going to be something simple, but unfortunately it was not.

    So the history of what I have tried is

    Initially, before I thought it was infected, I noticed some of the drivers were missing on the PC, so I attempted a system restore; however, the laptop refused to allow me to pick a restore point. This is when I realised that it was probably infected.


    I downloaded Spybot and Malwarebytes and ran them both.

    Spybot picked up on several toolbars and the two viruses/hijackers

    win32.2urface.bho
    win32.downloader.gen


    It appeared to clear them.

    I then ran Malwarebytes and it found some more things it didn't like and again said it had cleared them.

    Thinking I was being safe, I then ran AdwCleaner on the laptop.

    Now whenever any of the 3 above products are run they do not return any issues in the results logs.

    However, I am still seeing issues with the drivers in the system manager and I am unable to update the drivers.

    The laptop will also not connect to the internet or allow me to create a new connection.

    So I have obviously missed something or messed up along the way and I am looking for assistance in getting rid of the infection.

    The dds.txt log is here:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16576
    Run by Tara at 22:52:06 on 2013-07-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3033.2186 [GMT 1:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ================
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
    C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    C:\windows\system32\SAsrv.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\System32\WUDFHost.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\USB Camera2\VM332_STI.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Lenovo\Energy Management\utility.exe
    C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Program Files\Conexant\SAII\SmartAudio.exe
    C:\windows\system32\DllHost.exe
    C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    F:\TotalLock.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k apphost
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
    uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /c
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [332BigDog] c:\program files\usb camera2\VM332_STI.EXE
    mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
    mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
    mRun: [IntelWirelessWiMAX] "c:\program files\intel\wimax\bin\WiMAXCU.exe" /tasktray /nosplash
    dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
    dRunOnce: [WLStart] "c:\program files\windows live\installer\wlstart.exe" /nosearch /nohomepage
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    TCP: Interfaces\{747F5790-83FD-492F-AFCB-80B6D0FD4166} : DHCPNameServer = 109.249.185.224 109.249.188.32
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2010-8-24 54800]
    R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\bin\DMAgent.exe [2009-7-30 348160]
    R2 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2013-7-16 445496]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-7-22 1153368]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
    R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2013-7-24 430080]
    R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2013-7-24 48192]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\bin\AppSrv.exe [2009-7-30 815104]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2013-7-24 21520]
    R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-7-30 56320]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
    R3 vm332avs;Lenovo Camera2;c:\windows\system32\drivers\vm332avs.sys [2010-8-24 198000]
    R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2010-8-24 11792]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 IGRS;IGRS; [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
    S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2010-8-24 63240]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-24 29472]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-27 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
    S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2010-8-24 509192]
    S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2010-8-24 579400]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
    S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-24 171520]
    S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-7-18 1817560]
    S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-7-18 1033688]
    S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-7-18 171928]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service; [x]
    S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
    .
    =============== Created Last 30 ================
    .
    2013-07-25 23:00:47 -------- d-----w- C:\SWTOOLS
    2013-07-25 23:00:21 53248 ----a-w- c:\windows\system32\CSVer.dll
    2013-07-25 22:30:08 2506232 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
    2013-07-25 22:30:07 -------- d-----w- c:\program files\Broadcom Wireless
    2013-07-24 22:58:31 48192 ----a-w- c:\windows\system32\drivers\tvtumon.sys
    2013-07-24 22:57:48 21520 ----a-w- c:\windows\system32\drivers\AcpiVpc.sys
    2013-07-24 22:31:11 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-07-24 22:24:00 -------- d-----w- C:\ComboFix
    2013-07-24 22:05:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-07-24 21:27:03 98816 ----a-w- c:\windows\sed.exe
    2013-07-24 21:27:03 256000 ----a-w- c:\windows\PEV.exe
    2013-07-24 21:27:03 208896 ----a-w- c:\windows\MBR.exe
    2013-07-24 21:20:33 388096 ----a-r- c:\users\tara\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-07-24 21:20:33 -------- d-----w- c:\program files\Trend Micro
    2013-07-22 20:08:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2013-07-18 19:28:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-07-18 19:28:15 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-07-18 19:28:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-07-18 17:46:41 -------- d-----w- c:\users\tara\appdata\roaming\Malwarebytes
    2013-07-18 17:46:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-07-18 17:46:30 -------- d-----w- c:\programdata\Malwarebytes
    2013-07-18 17:46:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-07-18 17:46:19 -------- d-----w- c:\users\tara\appdata\local\Programs
    2013-07-16 16:02:59 445496 ------w- c:\windows\system32\SASrv.exe
    2013-07-16 15:44:12 -------- d-----w- c:\windows\pss
    2013-07-16 15:23:34 -------- d-----w- c:\windows\system32\x64
    2013-07-16 15:21:24 -------- d-----w- C:\Intel
    2013-07-16 15:21:03 -------- d-----w- c:\windows\Downloaded Installations
    2013-07-16 15:20:16 -------- d-----w- C:\Drivers
    2013-07-12 09:52:37 -------- d-----w- c:\users\tara\appdata\local\{200C9E30-6278-47AD-8ECD-2685A28A5B5C}
    2013-07-10 18:31:16 -------- d-----w- c:\users\tara\appdata\local\{C48F28CC-43DA-48FD-BE2A-78D8949A8611}
    2013-07-10 18:27:56 -------- d-----w- c:\users\tara\appdata\local\{B8EC8E39-FBFF-44C7-A6F8-1934B23B2068}
    2013-07-10 18:07:03 -------- d-----w- c:\users\tara\appdata\local\{A8D94A1B-74DF-4C0F-808E-38D31869D8FD}
    2013-07-10 18:02:11 -------- d-----w- C:\inetpub
    2013-07-10 17:39:31 -------- d-----w- c:\users\tara\appdata\local\{50A1C149-6357-43E7-B63A-1E1566BC797A}
    2013-07-10 17:32:09 -------- d-----w- c:\users\tara\appdata\local\{6182722F-5D67-43A4-862F-39448616D069}
    2013-07-06 17:13:56 -------- d-----w- c:\users\tara\appdata\local\{C28D5EC5-A184-4664-B369-5B152ABE5343}
    2013-07-03 17:38:12 -------- d-----w- c:\users\tara\appdata\local\{D0C7C66E-CEFD-447E-902E-2E1D36D203E2}
    2013-07-03 15:49:38 -------- d-----w- c:\users\tara\appdata\local\{169FE12A-DDE7-4884-9F7A-6E882FE1605D}
    2013-06-29 17:07:15 -------- d-----w- c:\users\tara\appdata\local\{E92422B9-55A9-4DD5-B654-75967C7D85A5}
    2013-06-28 17:01:38 -------- d-----w- c:\users\tara\appdata\local\{8B5C6F93-A383-4129-B791-E4C3C5D03E44}
    2013-06-28 16:54:41 -------- d-----w- c:\users\tara\appdata\local\ElevatedDiagnostics
    2013-06-28 16:36:11 -------- d-----w- c:\users\tara\appdata\local\{A1438B7D-A125-4E39-BFB4-51E2B1AEE7AC}
    .
    ==================== Find3M ====================
    .
    2013-06-08 23:56:00 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-06-08 23:56:00 185344 ----a-w- c:\windows\system32\elshyph.dll
    2013-06-08 23:53:51 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-05-02 01:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 22:52:26.40 ===============
    Attachments: attach.zip, spybot log.zip, aswMBR.zip

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161


    Hello eddiemac1,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    1. Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    =========================

    2. OTL

    Download OTL to your desktop.
    • Make sure all other windows are closed and let it run uninterrupted.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      services.*
      /md5stop
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.


    =========================

    In your next post please provide the following:

    • checkup.txt
    • OTL.txt
    • Extras.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Junior Member
    Join Date
    Nov 2009
    Posts
    29


    Firstly, thanks for helping me out.

    Myself and Tara, whose laptop this is, appreciate it a lot.

    OK, here are the logs.

    The Security Check log is as follows:

    Results of screen317's Security Check version 0.99.71
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java(TM) 6 Update 30
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader 10.0.1 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    The OTL.txt log is as follows:

    OTL logfile created on: 7/29/2013 9:22:06 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tara\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.96 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.96% Memory free
    5.92 Gb Paging File | 5.13 Gb Available in Paging File | 86.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 252.89 Gb Total Space | 204.63 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
    Drive D: | 30.25 Gb Total Space | 28.54 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
    Drive F: | 26.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 1.75 Gb Total Space | 1.75 Gb Free Space | 99.91% Space Free | Partition Type: FAT

    Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Tara\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
    PRC - C:\Windows\System32\SASrv.exe (Conexant Systems, Inc.)
    PRC - C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
    PRC - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    PRC - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
    PRC - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
    PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)


    ========== Modules (No Company Name) ==========

    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\b553402413fa7b799cf8f2351618916b\SmartAudio.ni.exe ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\ab7c0d1230766b1ecad8b66fce8a5df5\Interop.CxHDAudioAPILib.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
    MOD - C:\Windows\System32\IcnOvrly.dll ()
    MOD - C:\Windows\System32\SimpleExt.dll ()
    MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()
    MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll ()


    ========== Services (SafeList) ==========

    SRV - (WatAdminSvc) -- File not found
    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe File not found
    SRV - (IGRS) -- File not found
    SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
    SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
    SRV - (SAService) -- C:\Windows\System32\SASrv.exe (Conexant Systems, Inc.)
    SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
    SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
    SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    SRV - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
    SRV - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
    SRV - (PS_MDP) -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
    SRV - (ReadyComm.DirectRouter) -- C:\Program Files\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)


    ========== Driver Services (SafeList) ==========

    DRV - (X6XSEx_Pr143) -- C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys File not found
    DRV - (WinRing0_1_2_0) -- File not found
    DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
    DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
    DRV - (EraserUtilDrv11120) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys File not found
    DRV - (catchme) -- C:\Users\Tara\AppData\Local\Temp\catchme.sys File not found
    DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (vm332avs) -- C:\Windows\System32\drivers\vm332avs.sys (Vimicro Corporation)
    DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV - (bpenum) -- C:\Windows\System32\drivers\bpenum.sys (Intel Corporation)
    DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
    DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
    DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
    DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
    DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
    DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{64A2FB6F-B770-4489-9CE6-8E41D23235A1}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6AFFE39C-A4C3-4A28-AB80-59936B7E808A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A5B3D723-866E-47EE-9AA5-2A2C0847DEDB&apn_sauid=15809601-762E-45F4-BB2F-F3B4724A352C&
    IE - HKCU\..\SearchScopes\{9F17F80A-966A-43F4-A6DC-68DA31A5E547}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/12 15:02:29 | 000,000,000 | ---D | M]

    [2011/01/01 23:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Extensions
    [2012/04/18 22:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2013/07/24 22:37:24 | 000,000,027 | ---- | M]) - C:\windows\System32\Drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
    O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747F5790-83FD-492F-AFCB-80B6D0FD4166}: DhcpNameServer = 109.249.185.224 109.249.188.32
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/08/03 10:23:42 | 000,000,069 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    System Restore Service not available.

    CREATERESTOREPOINT
    System Restore Service not available.

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/07/29 21:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
    [2013/07/26 00:00:47 | 000,000,000 | ---D | C] -- C:\SWTOOLS
    [2013/07/26 00:00:21 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\System32\CSVer.dll
    [2013/07/25 23:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
    [2013/07/25 23:35:47 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\New folder
    [2013/07/25 23:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom Wireless
    [2013/07/25 23:30:02 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\InstallShield
    [2013/07/24 23:58:31 | 000,048,192 | ---- | C] (Lenovo) -- C:\windows\System32\drivers\tvtumon.sys
    [2013/07/24 23:57:48 | 000,021,520 | ---- | C] (Lenovo Corporation) -- C:\windows\System32\drivers\AcpiVpc.sys
    [2013/07/24 23:31:39 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2013/07/24 23:31:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/07/24 23:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/07/24 23:04:27 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\mbar-1.06.0.1004
    [2013/07/24 22:27:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013/07/24 22:27:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013/07/24 22:27:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013/07/24 22:25:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/07/24 22:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2013/07/24 22:20:33 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/07/22 21:31:44 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2013/07/22 21:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/07/22 21:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/07/22 21:30:18 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\post stuff
    [2013/07/22 21:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2013/07/22 21:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2013/07/18 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\revouninstaller
    [2013/07/18 21:03:26 | 021,691,552 | ---- | C] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
    [2013/07/18 21:03:26 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
    [2013/07/18 20:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/07/18 20:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/07/18 20:28:15 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
    [2013/07/18 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/07/18 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Malwarebytes
    [2013/07/18 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/07/18 18:46:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2013/07/18 18:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/07/18 18:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/07/18 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\Programs
    [2013/07/18 18:46:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/07/16 17:02:59 | 000,445,496 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\SASrv.exe
    [2013/07/16 16:44:12 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2013/07/16 16:23:34 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
    [2013/07/16 16:21:24 | 000,000,000 | ---D | C] -- C:\Intel
    [2013/07/16 16:21:03 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
    [2013/07/16 16:20:16 | 000,000,000 | ---D | C] -- C:\Drivers
    [2013/07/10 19:02:11 | 000,000,000 | ---D | C] -- C:\inetpub
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/07/29 21:19:08 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/07/29 21:19:08 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/07/29 21:13:49 | 000,629,318 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2013/07/29 21:13:49 | 000,111,212 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2013/07/29 21:12:01 | 000,000,066 | -HS- | M] () -- C:\_PartitionInfo
    [2013/07/29 21:11:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/07/29 21:11:43 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/29 21:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
    [2013/07/29 21:04:08 | 000,891,098 | ---- | M] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
    [2013/07/28 22:59:47 | 000,000,378 | ---- | M] () -- C:\Users\Tara\Documents\Removable Disk (G) - Shortcut.lnk
    [2013/07/27 22:57:16 | 000,000,512 | ---- | M] () -- C:\Users\Tara\Desktop\MBR.dat
    [2013/07/25 23:39:31 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_bpenum_01007.Wdf
    [2013/07/25 23:30:30 | 000,675,958 | ---- | M] () -- C:\windows\System32\oem7.inf
    [2013/07/25 23:13:32 | 000,001,219 | ---- | M] () -- C:\Users\Tara\AppData\Local\Local - Shortcut.lnk
    [2013/07/25 22:51:00 | 000,666,633 | ---- | M] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
    [2013/07/24 22:54:04 | 013,399,154 | ---- | M] () -- C:\Users\Tara\Desktop\mbar-1.06.0.1004.zip
    [2013/07/24 22:37:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2013/07/24 22:20:33 | 000,002,959 | ---- | M] () -- C:\Users\Tara\Desktop\HiJackThis.lnk
    [2013/07/24 22:11:18 | 001,402,880 | ---- | M] () -- C:\Users\Tara\Desktop\HiJackThis.msi
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2013/07/22 21:31:18 | 000,000,898 | ---- | M] () -- C:\Users\Tara\Desktop\NTREGOPT.lnk
    [2013/07/22 21:31:18 | 000,000,879 | ---- | M] () -- C:\Users\Tara\Desktop\ERUNT.lnk
    [2013/07/22 21:13:54 | 007,123,312 | ---- | M] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe
    [2013/07/22 21:08:16 | 000,001,244 | ---- | M] () -- C:\Users\Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/07/22 21:08:16 | 000,001,220 | ---- | M] () -- C:\Users\Tara\Desktop\Spybot - Search & Destroy.lnk
    [2013/07/18 21:01:28 | 021,691,552 | ---- | M] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
    [2013/07/18 20:53:52 | 000,014,896 | ---- | M] () -- C:\windows\System32\results.xml
    [2013/07/18 20:42:12 | 003,007,700 | ---- | M] () -- C:\Users\Tara\Desktop\revouninstaller.zip
    [2013/07/18 20:32:34 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
    [2013/07/18 20:28:24 | 000,000,644 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/07/18 20:28:24 | 000,000,616 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/07/18 20:28:24 | 000,000,446 | ---- | M] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/07/18 20:28:18 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/07/18 18:46:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/07/18 18:36:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/07/16 15:40:03 | 000,000,557 | ---- | M] () -- C:\windows\System32\MyDefrag.debuglog
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/07/29 21:14:36 | 000,891,098 | ---- | C] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
    [2013/07/28 22:59:47 | 000,000,378 | ---- | C] () -- C:\Users\Tara\Documents\Removable Disk (G) - Shortcut.lnk
    [2013/07/27 22:57:16 | 000,000,512 | ---- | C] () -- C:\Users\Tara\Desktop\MBR.dat
    [2013/07/25 23:39:31 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_bpenum_01007.Wdf
    [2013/07/25 23:30:35 | 000,675,958 | ---- | C] () -- C:\windows\System32\oem7.inf
    [2013/07/25 23:13:32 | 000,001,219 | ---- | C] () -- C:\Users\Tara\AppData\Local\Local - Shortcut.lnk
    [2013/07/25 22:57:42 | 000,666,633 | ---- | C] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
    [2013/07/24 23:59:23 | 000,000,066 | -HS- | C] () -- C:\_PartitionInfo
    [2013/07/24 23:04:08 | 013,399,154 | ---- | C] () -- C:\Users\Tara\Desktop\mbar-1.06.0.1004.zip
    [2013/07/24 22:27:03 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013/07/24 22:27:03 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013/07/24 22:27:03 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/07/24 22:27:03 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/07/24 22:27:03 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/07/24 22:20:33 | 000,002,959 | ---- | C] () -- C:\Users\Tara\Desktop\HiJackThis.lnk
    [2013/07/24 22:19:54 | 001,402,880 | ---- | C] () -- C:\Users\Tara\Desktop\HiJackThis.msi
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2013/07/22 21:31:18 | 000,000,898 | ---- | C] () -- C:\Users\Tara\Desktop\NTREGOPT.lnk
    [2013/07/22 21:31:18 | 000,000,879 | ---- | C] () -- C:\Users\Tara\Desktop\ERUNT.lnk
    [2013/07/22 21:17:05 | 007,123,312 | ---- | C] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe
    [2013/07/22 21:08:16 | 000,001,244 | ---- | C] () -- C:\Users\Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/07/22 21:08:16 | 000,001,220 | ---- | C] () -- C:\Users\Tara\Desktop\Spybot - Search & Destroy.lnk
    [2013/07/18 21:03:25 | 003,007,700 | ---- | C] () -- C:\Users\Tara\Desktop\revouninstaller.zip
    [2013/07/18 20:28:24 | 000,000,644 | ---- | C] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/07/18 20:28:24 | 000,000,616 | ---- | C] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/07/18 20:28:24 | 000,000,446 | ---- | C] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/07/18 20:28:18 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/07/18 20:28:18 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/07/18 18:46:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/07 18:19:56 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
    [2011/05/20 17:40:41 | 000,001,940 | ---- | C] () -- C:\Users\Tara\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/01/10 18:05:22 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\EasyCapture
    [2010/12/27 00:55:21 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\ooVoo Details
    [2012/11/20 22:23:02 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\RPPrivate
    [2013/01/02 12:58:34 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\SoftGrid Client
    [2012/02/12 15:06:16 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\Tific
    [2011/01/12 21:00:44 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\TP
    [2011/07/05 18:43:38 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2009/07/14 03:07:10 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009/06/10 22:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx

    < MD5 for: EXPLORER.EXE >
    [2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
    [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2010/04/29 13:11:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

    < %SYSTEMDRIVE%\*.* >
    [2013/07/25 22:58:21 | 000,008,642 | ---- | M] () -- C:\AdwCleaner[R1].txt
    [2013/07/25 23:02:07 | 000,001,514 | ---- | M] () -- C:\AdwCleaner[R2].txt
    [2013/07/25 23:04:17 | 000,001,153 | ---- | M] () -- C:\AdwCleaner[R3].txt
    [2013/07/25 23:18:41 | 000,000,940 | ---- | M] () -- C:\AdwCleaner[R4].txt
    [2013/07/25 23:28:55 | 000,000,999 | ---- | M] () -- C:\AdwCleaner[R5].txt
    [2013/07/26 00:04:23 | 000,001,058 | ---- | M] () -- C:\AdwCleaner[R6].txt
    [2013/07/28 13:25:04 | 000,001,119 | ---- | M] () -- C:\AdwCleaner[R7].txt
    [2013/07/25 22:59:29 | 000,008,736 | ---- | M] () -- C:\AdwCleaner[S1].txt
    [2013/07/25 23:02:45 | 000,001,462 | ---- | M] () -- C:\AdwCleaner[S2].txt
    [2013/07/24 23:57:53 | 000,000,089 | ---- | M] () -- C:\AtmApInit.txt
    [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2013/07/24 23:31:38 | 000,020,999 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2013/07/29 21:12:14 | 010,765,006 | ---- | M] () -- C:\FaceProv.log
    [2013/07/29 21:11:43 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013/07/29 21:11:43 | 3179,913,216 | -HS- | M] () -- C:\pagefile.sys
    [2013/07/11 03:37:30 | 000,000,000 | ---- | M] () -- C:\Recovery.txt
    [2012/03/15 16:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
    [2013/07/29 21:12:03 | 000,023,165 | ---- | M] () -- C:\sysiclog.txt
    [2013/07/29 21:12:01 | 000,000,066 | -HS- | M] () -- C:\_PartitionInfo

    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

  4. #4
    Junior Member
    Join Date
    Nov 2009
    Posts
    29

    OTL scan continued from last post


    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2010/11/20 13:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C has no label.
    Volume Serial Number is CC8C-440D
    Directory of C:\
    14/07/2009 05:53 <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    14/07/2009 05:53 <JUNCTION> Application Data [C:\ProgramData]
    14/07/2009 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14/07/2009 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14/07/2009 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14/07/2009 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14/07/2009 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users
    14/07/2009 05:53 <SYMLINKD> All Users [C:\ProgramData]
    14/07/2009 05:53 <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    14/07/2009 05:53 <JUNCTION> Application Data [C:\ProgramData]
    14/07/2009 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14/07/2009 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14/07/2009 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14/07/2009 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14/07/2009 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    14/07/2009 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    14/07/2009 05:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    14/07/2009 05:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
    14/07/2009 05:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    14/07/2009 05:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    14/07/2009 05:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    14/07/2009 05:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    14/07/2009 05:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    14/07/2009 05:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    14/07/2009 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    14/07/2009 05:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    14/07/2009 05:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    14/07/2009 05:53 <JUNCTION> My Music [C:\Users\Default\Music]
    14/07/2009 05:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    14/07/2009 05:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    14/07/2009 05:53 <JUNCTION> My Music [C:\Users\Public\Music]
    14/07/2009 05:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    14/07/2009 05:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Tara
    27/12/2010 00:54 <JUNCTION> Application Data [C:\Users\Tara\AppData\Roaming]
    27/12/2010 00:54 <JUNCTION> Cookies [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Cookies]
    27/12/2010 00:54 <JUNCTION> Local Settings [C:\Users\Tara\AppData\Local]
    27/12/2010 00:54 <JUNCTION> My Documents [C:\Users\Tara\Documents]
    27/12/2010 00:54 <JUNCTION> NetHood [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    27/12/2010 00:54 <JUNCTION> PrintHood [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    27/12/2010 00:54 <JUNCTION> Recent [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Recent]
    27/12/2010 00:54 <JUNCTION> SendTo [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\SendTo]
    27/12/2010 00:54 <JUNCTION> Start Menu [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu]
    27/12/2010 00:54 <JUNCTION> Templates [C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Tara\AppData\Local
    27/12/2010 00:54 <JUNCTION> Application Data [C:\Users\Tara\AppData\Local]
    27/12/2010 00:54 <JUNCTION> History [C:\Users\Tara\AppData\Local\Microsoft\Windows\History]
    27/12/2010 00:54 <JUNCTION> Temporary Internet Files [C:\Users\Tara\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Tara\Documents
    27/12/2010 00:54 <JUNCTION> My Music [C:\Users\Tara\Music]
    27/12/2010 00:54 <JUNCTION> My Pictures [C:\Users\Tara\Pictures]
    27/12/2010 00:54 <JUNCTION> My Videos [C:\Users\Tara\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    0 File(s) 0 bytes
    49 Dir(s) 219,738,689,536 bytes free

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/01/02 23:07:12 | 000,000,221 | -HS- | M] () -- C:\Users\Tara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2013/07/25 22:51:00 | 000,666,633 | ---- | M] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
    [2013/07/18 21:01:28 | 021,691,552 | ---- | M] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
    [2013/07/18 18:36:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/07/29 21:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
    [2013/07/29 21:04:08 | 000,891,098 | ---- | M] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
    [2013/07/18 20:32:34 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
    [2013/07/22 21:13:54 | 007,123,312 | ---- | M] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-06-09 16:52:53

    ========== Base Services ==========
    SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
    SRV - [2013/02/27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
    SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
    SRV - [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
    SRV - [2010/11/20 13:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
    SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
    SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
    SRV - [2012/07/04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
    SRV - [2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
    SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
    SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
    SRV - [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
    SRV - [2010/11/20 13:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
    SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
    SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
    SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\netprofm.dll -- (netprofm)
    SRV - [2012/10/03 17:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
    SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
    SRV - [2011/05/24 11:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
    SRV - [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
    SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
    SRV - [2010/11/20 13:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
    SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
    SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
    SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
    SRV - [2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
    SRV - [2010/11/20 13:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
    SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV - [2010/11/20 13:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
    SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
    SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2012/05/01 05:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
    SRV - [2010/11/20 13:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
    SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
    SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
    SRV - [2010/11/20 13:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/20 13:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
    SRV - [2010/11/20 13:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
    SRV - [2010/11/20 13:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
    SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\msiexec.exe -- (msiserver)
    SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
    SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
    SRV - [2010/11/20 13:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
    SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
    SRV - [2010/11/20 13:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: HITACHI HTS545032B9A300
    Partitions: 4
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
    Interface type: USB
    Media Type: Removable Media
    Model: Integral Crypto USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 200.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 253.00GB
    Starting Offset: 210763776
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Extended w/Extended Int 13
    Bootable: False
    BootPartition: False
    PrimaryPartition: False
    Size: 30.00GB
    Starting Offset: 271752626176
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #3
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 15.00GB
    Starting Offset: 304230170624
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: Win95 w/Extended Int 13
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 2.00GB
    Starting Offset: 16384
    Hidden sectors: 0


    < End of report >

  5. #5
    Junior Member
    Join Date
    Nov 2009
    Posts
    29

    extras.txt log

    OTL Extras logfile created on: 7/29/2013 9:22:06 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tara\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.96 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.96% Memory free
    5.92 Gb Paging File | 5.13 Gb Available in Paging File | 86.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 252.89 Gb Total Space | 204.63 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
    Drive D: | 30.25 Gb Total Space | 28.54 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
    Drive F: | 26.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 1.75 Gb Total Space | 1.75 Gb Free Space | 99.91% Space Free | Partition Type: FAT

    Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = TorchHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{05BF92BE-B090-4129-A23B-AC233595DFC6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1904033B-0F56-4678-B434-B7B426542E9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1BF24B59-ACBE-48E2-BF9E-7B4B6620E0D9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{24CCEE87-0841-4048-B92B-C51BF0BA5AF6}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{29C76CF2-1A1F-4F6C-BABC-32704D6CDD2E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2DBF932A-0505-4DFD-82FD-1515A79063A9}" = lport=137 | protocol=17 | dir=in | app=system |
    "{2ED1C350-49AE-4C87-885B-6EF8717F7503}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{323B8B58-29FC-43FE-B2F4-93BB84724B7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4FFDE7A8-68CA-48AD-BAA0-2F1DE807E364}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{54874D6D-8C2E-4E5B-85FD-EDD7CE63841A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{55A6343D-B142-454B-A85E-6289E6F0023D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6BC230F8-4BB8-476D-9E41-73402A98FE53}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6C3ADC9D-0774-460A-A051-2ECAE938C078}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6CBFF289-92E7-4454-8F1C-F9A2FC377C3B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7866450D-EA65-4490-A4CB-460CB64F86AD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{7953C553-87BC-4F69-AD5D-A16DAEB60EBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7A7CF5CE-22C5-41F0-8C4C-41E5268ACE35}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8C1C898C-6250-4D0C-9FC9-07D90D918434}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{997DB135-531E-4478-BDC7-34371DC3E1E5}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A8B778AA-8855-4A6A-8530-D1EE931E099E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{AF33FB97-32ED-43B5-AF26-D9FFF924D296}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B368AED0-A9FC-4593-B0C1-3BCAD5FD1D35}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B4B7B7A0-4EAF-4FF2-97FF-1CFA7A0E55DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B7C5C218-05AC-4FEA-A673-0449B4C25ECC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E59EDE5D-C08D-463A-85D3-DCBBC64D4250}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E5F81F0D-60F9-4F74-8C2E-327995EFFD06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FBC7E859-EB94-450B-9F82-A22D2F8A7D5B}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{063820FF-3FBC-4D87-A946-0000865009AB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{09B482F2-93E5-4E82-964F-B70894FA2FB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0AC6D78C-59E0-4B4C-A807-ABD8D2571BB1}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{123833B5-1A5C-42C5-982F-A46F3CD39049}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1AF449A0-1DCC-42E1-9C7C-E5E727D98FC6}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{1B75D686-2236-4E61-9E8E-77ACB48F8946}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
    "{20B095D4-CC34-451A-B6A7-55B2F6CF2A48}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
    "{2358387D-672A-4EE6-95DB-F84D2C7D32C0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{25B53CE2-3A68-4D76-BFD8-730E02C8FA7F}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
    "{27A959B6-9934-4752-A21B-EB9C35E706C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{280C8EBB-458F-44C1-AA4C-B149D9AC54D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{29F2E938-AEA8-40BE-AE67-A4EC1B00306C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2C2B2CCE-715F-4C20-82A9-B9BA29F43C72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{31423DF5-7A0E-4700-81CC-9B048F9CA517}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{356EFCB6-7909-43C6-B1A4-9E4563E39351}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
    "{3E57A8D7-31CD-41DB-B81E-EDAE448E0806}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
    "{41E66251-F263-4E33-A842-CDDF3993FE58}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
    "{45236453-86F2-4179-814D-7C9F76D8CFF6}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{49910D38-19D9-49B0-8895-B49DF6D22E39}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
    "{5446EE6D-2BB6-4026-B006-964E65DDA541}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5D9ED399-EAAF-441F-9A49-9B557585B63E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{706568C0-1881-4757-9F54-7A7918772512}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{7376006D-21D0-4752-9150-631072037062}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
    "{7B45A94A-6AF2-48A0-B600-DB8EB3E6DCBA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{83D01613-1E1F-4C09-A7A5-7B398158EE13}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{85EB7117-BC9C-42FD-860C-DB483FF39A02}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8E0D13C8-B746-49EC-9503-DF451BA4348A}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
    "{98ADD3DF-7C0C-41D4-99DE-D756DD2745F6}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
    "{9CB6ABD3-4CBF-444D-9031-C083F1F0CD22}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{9D3F5B80-9859-4F91-923C-1826E55F1FEE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{9DF55F81-6EE6-4DFA-AB86-5BF5EC2DA9F6}" = protocol=6 | dir=out | app=system |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A9CED86F-B93B-4181-AA7D-F872EC33578A}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B616DBC8-1A4C-42CC-B37A-8C89425B3AF5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{B9352610-EFB7-403F-891A-F88F77808468}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
    "{BBB970B0-89F7-4666-9965-80E06BB4A829}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{BCBF0B69-F8C0-4806-88B3-73EC1708E33E}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{C2B20523-826D-48B2-82EC-7984BEB08729}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
    "{C3624ED5-81B7-4226-A1F5-76AE609343E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CB2CCAA5-3700-41C9-B643-700962D8948A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CD194420-E34D-4D9F-BE81-0C3A47F82C05}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D59A5E9F-5D7B-4572-8736-0C45DD32E540}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
    "{DAE21A0E-6E69-4930-BC93-237992E237D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DE32C5DF-B64F-468C-9C47-F89194973A95}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{E1BE3E49-D1A9-4D88-B618-8D17B0D5ADA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E2F95DE3-3E75-4BED-A994-429BDCCB363F}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E908E74B-07F1-4D83-B14C-E660967C790A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{ECFF47FA-F008-4A7F-BBAB-3ED8E121A544}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F70D8EBF-119F-47A9-A34F-AD222A79A420}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FAC48EB5-9F3E-41FB-8FBE-A639776870E0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{FF4A968F-75DA-4946-A2E0-459009116176}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{51EBA410-FED3-4A50-BD17-3673403827C3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{8F4C4641-08CE-40B9-97F0-C0E4AFC1DE83}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "UDP Query User{5EAE9074-40FC-4564-A6A0-286397B54EDB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{BAEE6023-B22C-4289-A54B-CCBA69C8FBD8}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
    "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FAE224AF-B15E-448B-88FA-1839A7570CF8}" = Intel® PROSet/Wireless WiMAX Software
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "EasyCapture4.0" = EasyCapture
    "ERUNT_is1" = ERUNT 1.1j
    "exent_532150" = Heroes of Hellas
    "exent_554750" = Cradle of Rome
    "exent_586350" = 7 Wonders II
    "exent_676150" = Heartwild Solitaire - Book Two
    "exent_683150" = Time Riddles: The Mansion
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mediaplayer Lite_is1" = Mediaplayer Lite v1.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "ProInst" = Intel PROSet Wireless
    "RealPlayer 15.0" = RealPlayer
    "TVWiz" = Intel(R) TV Wizard
    "VeriFace" = VeriFace
    "WinLiveSuite" = Windows Live Essentials
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/19/2012 3:10:18 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/19/2012 3:10:19 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/19/2012 3:10:19 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/19/2012 3:10:19 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/19/2012 3:10:20 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/19/2012 3:10:20 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/19/2012 3:10:20 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/19/2012 3:10:22 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/19/2012 3:10:22 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/19/2012 3:10:22 PM | Computer Name = Tara-PC | Source = Bonjour Service | ID = 100
    Description =

    [ System Events ]
    Error - 7/29/2013 4:14:06 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1062

    Error - 7/29/2013 4:14:06 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1062

    Error - 7/29/2013 4:14:06 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7024
    Description = The Network Location Awareness service terminated with service-specific
    error %%-1073741288.

    Error - 7/29/2013 4:17:07 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%0

    Error - 7/29/2013 4:17:07 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1062

    Error - 7/29/2013 4:17:07 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7024
    Description = The Network Location Awareness service terminated with service-specific
    error %%-1073741288.

    Error - 7/29/2013 4:19:18 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%0

    Error - 7/29/2013 4:19:18 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7024
    Description = The Network Location Awareness service terminated with service-specific
    error %%-1073741288.

    Error - 7/29/2013 4:19:43 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%0

    Error - 7/29/2013 4:19:43 PM | Computer Name = TARA-PC | Source = Service Control Manager | ID = 7024
    Description = The Network Location Awareness service terminated with service-specific
    error %%-1073741288.


    < End of report >

  6. #6
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi eddiemac1,

    1. Your log indicates you have run ComboFix recently. Locate the log and post it in your next reply. It should be located here: C:\ComboFix.txt (2013/07/24)
    2. Locate this AdwCleaner log also and post in your next reply: C:\AdwCleaner[S1].txt

    =========================

    1. Run OTL.exe

    Windows Vista and Windows 7 users: right-click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE - HKCU\..\SearchScopes\{64A2FB6F-B770-4489-9CE6-8E41D23235A1}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
      IE - HKCU\..\SearchScopes\{6AFFE39C-A4C3-4A28-AB80-59936B7E808A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A5B3D723-866E-47EE-9AA5-2A2C0847DEDB&apn_sauid=15809601-762E-45F4-BB2F-F3B4724A352C&
      IE - HKCU\..\SearchScopes\{9F17F80A-966A-43F4-A6DC-68DA31A5E547}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKCU..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
      
      :Files
      C:\Program Files\Free Ride Games
      
      :Services
      X6XSEx_Pr143
      
      :Reg
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

    =========================

    In your next post please provide the following:

    • ComboFix.txt from previous run
    • AdwCleaner[S1].txt from previous run
    • OTL.txt fix log
    • Fresh OTL.txt log
    • How is the computer running, what issues or symptoms are you experiencing?

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #7
    Junior Member
    Join Date
    Nov 2009
    Posts
    29

    thanks for this

    the combo log is

    ComboFix 13-07-24.03 - Tara 30/07/2013 18:42:27.3.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3033.2209 [GMT 1:00]
    Running from: c:\users\Tara\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2013-07-30 17:43 . 2013-07-30 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-07-30 17:31 . 2013-07-30 17:31 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4363A749-D3A3-48AC-BF2C-117B708251CA}\offreg.dll
    2013-07-25 23:00 . 2013-07-25 23:00 -------- d-----w- C:\SWTOOLS
    2013-07-25 23:00 . 2008-07-16 15:05 53248 ----a-w- c:\windows\system32\CSVer.dll
    2013-07-25 22:30 . 2009-07-07 16:45 2506232 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
    2013-07-25 22:30 . 2013-07-25 22:30 -------- d-----w- c:\program files\Broadcom Wireless
    2013-07-25 22:30 . 2013-07-25 22:30 -------- d-----w- c:\users\Tara\AppData\Roaming\InstallShield
    2013-07-24 22:58 . 2008-08-28 17:39 48192 ----a-w- c:\windows\system32\drivers\tvtumon.sys
    2013-07-24 22:57 . 2009-05-19 12:43 21520 ----a-w- c:\windows\system32\drivers\AcpiVpc.sys
    2013-07-24 22:05 . 2013-07-24 22:15 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-07-24 21:20 . 2013-07-24 21:20 388096 ----a-r- c:\users\Tara\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-07-24 21:20 . 2013-07-24 21:20 -------- d-----w- c:\program files\Trend Micro
    2013-07-22 20:31 . 2013-07-22 20:31 -------- d-----w- c:\program files\ERUNT
    2013-07-22 20:08 . 2013-07-22 20:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2013-07-18 19:28 . 2013-07-24 21:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-07-18 19:28 . 2009-01-25 12:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-07-18 19:28 . 2013-07-18 19:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-07-18 17:46 . 2013-07-18 17:46 -------- d-----w- c:\users\Tara\AppData\Roaming\Malwarebytes
    2013-07-18 17:46 . 2013-07-18 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-07-18 17:46 . 2013-07-18 17:46 -------- d-----w- c:\programdata\Malwarebytes
    2013-07-18 17:46 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-07-18 17:46 . 2013-07-18 17:46 -------- d-----w- c:\users\Tara\AppData\Local\Programs
    2013-07-16 16:02 . 2010-03-25 16:32 445496 ------w- c:\windows\system32\SASrv.exe
    2013-07-16 15:23 . 2013-07-16 15:23 -------- d-----w- c:\windows\system32\x64
    2013-07-16 15:21 . 2013-07-16 15:21 -------- d-----w- C:\Intel
    2013-07-16 15:21 . 2013-07-16 15:21 -------- d-----w- c:\windows\Downloaded Installations
    2013-07-16 15:20 . 2013-07-25 23:00 -------- d-----w- C:\Drivers
    2013-07-10 18:02 . 2013-07-10 18:02 -------- d-----w- C:\inetpub
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-08 23:56 . 2013-06-08 23:56 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-06-08 23:56 . 2013-06-08 23:56 185344 ----a-w- c:\windows\system32\elshyph.dll
    2013-06-08 23:55 . 2013-06-08 23:55 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-06-08 23:55 . 2013-06-08 23:55 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-06-08 23:55 . 2013-06-08 23:55 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-06-08 23:55 . 2013-06-08 23:55 61952 ----a-w- c:\windows\system32\tdc.ocx
    2013-06-08 23:55 . 2013-06-08 23:55 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-06-08 23:55 . 2013-06-08 23:55 523264 ----a-w- c:\windows\system32\vbscript.dll
    2013-06-08 23:55 . 2013-06-08 23:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-06-08 23:55 . 2013-06-08 23:55 38400 ----a-w- c:\windows\system32\imgutil.dll
    2013-06-08 23:55 . 2013-06-08 23:55 361984 ----a-w- c:\windows\system32\html.iec
    2013-06-08 23:55 . 2013-06-08 23:55 2877440 ----a-w- c:\windows\system32\jscript9.dll
    2013-06-08 23:55 . 2013-06-08 23:55 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-06-08 23:55 . 2013-06-08 23:55 23040 ----a-w- c:\windows\system32\licmgr10.dll
    2013-06-08 23:55 . 2013-06-08 23:55 1767424 ----a-w- c:\windows\system32\wininet.dll
    2013-06-08 23:55 . 2013-06-08 23:55 158720 ----a-w- c:\windows\system32\msls31.dll
    2013-06-08 23:55 . 2013-06-08 23:55 150528 ----a-w- c:\windows\system32\iexpress.exe
    2013-06-08 23:55 . 2013-06-08 23:55 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-06-08 23:55 . 2013-06-08 23:55 138752 ----a-w- c:\windows\system32\wextract.exe
    2013-06-08 23:55 . 2013-06-08 23:55 137216 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-06-08 23:55 . 2013-06-08 23:55 12800 ----a-w- c:\windows\system32\mshta.exe
    2013-06-08 23:55 . 2013-06-08 23:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-06-08 23:55 . 2013-06-08 23:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-06-08 23:53 . 2013-06-08 23:53 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-06-08 23:53 . 2013-06-08 23:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-06-08 23:53 . 2013-06-08 23:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-06-08 23:53 . 2013-06-08 23:53 417792 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-06-08 23:53 . 2013-06-08 23:53 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-06-08 23:53 . 2013-06-08 23:53 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-06-08 23:53 . 2013-06-08 23:53 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-06-08 23:53 . 2013-06-08 23:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-06-08 23:53 . 2013-06-08 23:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-06-08 23:53 . 2013-06-08 23:53 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-06-08 23:53 . 2013-06-08 23:53 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2013-06-08 23:53 . 2013-06-08 23:53 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
    2013-06-08 23:53 . 2013-06-08 23:53 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-06-08 23:53 . 2013-06-08 23:53 906240 ----a-w- c:\windows\system32\FntCache.dll
    2013-06-08 23:53 . 2013-06-08 23:53 604160 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-06-08 23:53 . 2013-06-08 23:53 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2013-06-08 23:53 . 2013-06-08 23:53 293376 ----a-w- c:\windows\system32\dxgi.dll
    2013-06-08 23:53 . 2013-06-08 23:53 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-06-08 23:53 . 2013-06-08 23:53 220160 ----a-w- c:\windows\system32\d3d10core.dll
    2013-06-08 23:53 . 2013-06-08 23:53 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2013-06-08 23:53 . 2013-06-08 23:53 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-06-08 23:53 . 2013-06-08 23:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
    2013-06-08 23:53 . 2013-06-08 23:53 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-06-08 23:53 . 2013-06-08 23:53 1504768 ----a-w- c:\windows\system32\d3d11.dll
    2013-06-08 23:53 . 2013-06-08 23:53 1247744 ----a-w- c:\windows\system32\DWrite.dll
    2013-06-08 23:53 . 2013-06-08 23:53 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-06-08 23:53 . 2013-06-08 23:53 1080832 ----a-w- c:\windows\system32\d3d10.dll
    2013-05-14 18:58 . 2012-06-27 09:38 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-13 06:19 . 2013-06-09 16:52 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4363A749-D3A3-48AC-BF2C-117B708251CA}\mpengine.dll
    2013-05-02 01:06 . 2011-12-31 18:41 238872 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @="{771C7324-DA80-49D3-8017-753B0AF60951}"
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2010-08-24 06:52 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "332BigDog"="c:\program files\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
    "UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-12-05 296056]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 151064]
    "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-31 4114336]
    "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-07-30 1425408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
    2010-08-24 06:52 3122440 ----a-w- c:\program files\Lenovo\VeriFace\PManage.exe
    .
    R2 IGRS;IGRS; [x]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
    R2 X6XSEx_Pr143;X6XSEx_Pr143;c:\program files\Free Ride Games\X6XSEx_Pr143.Sys [x]
    R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
    R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
    R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
    R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
    R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
    R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service; [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
    S1 funfrm;funfrm; [x]
    S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-07-30 348160]
    S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2010-03-25 445496]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-09-27 430080]
    S2 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-08-28 48192]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-07-30 815104]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
    S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    S3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2009-07-30 56320]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-04-20 198000]
    S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
    IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-07-18 09:58]
    .
    2013-07-18 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-07-18 09:57]
    .
    2013-07-18 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-07-18 09:58]
    .
    2013-06-28 c:\windows\Tasks\User_Feed_Synchronization-{D7C28E2A-5629-4098-933B-4379AF44A1A7}.job
    - c:\windows\system32\msfeedssync.exe [2013-06-08 23:55]
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
    HKU-Default-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariDownload"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariExtension"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariDownload"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariExtension"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1600168638-2977270739-2580607599-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-1600168638-2977270739-2580607599-1000)
    "Progid"="SafariHTML"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1816)
    c:\windows\system32\IcnOvrly.dll
    .
    Completion time: 2013-07-30 18:44:27
    ComboFix-quarantined-files.txt 2013-07-30 17:44
    ComboFix2.txt 2013-07-24 22:31
    ComboFix3.txt 2013-07-24 21:41
    .
    Pre-Run: 219,794,755,584 bytes free
    Post-Run: 219,774,451,712 bytes free
    .
    - - End Of File - - 3CC2B805C4EC7321829D904851BC0B64
    A36C5E4F47E84449FF07ED3517B43A31

  8. #8
    Junior Member
    Join Date
    Nov 2009
    Posts
    29

    the adware log is

    # AdwCleaner v2.306 - Logfile created 07/25/2013 at 22:58:09
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : Tara - TARA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tara\Desktop\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : IB Updater

    ***** [Files / Folders] *****

    File Found : C:\user.js
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\Free Ride Games
    Folder Found : C:\Program Files\IB Updater
    Folder Found : C:\Program Files\Perion
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Free Ride Games
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
    Folder Found : C:\ProgramData\Premium
    Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
    Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
    Folder Found : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Folder Found : C:\Users\Tara\AppData\Local\Ilivid Player
    Folder Found : C:\Users\Tara\AppData\LocalLow\BabylonToolbar
    Folder Found : C:\Users\Tara\AppData\LocalLow\Codecv
    Folder Found : C:\Users\Tara\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Tara\AppData\LocalLow\ilividtoolbarguid
    Folder Found : C:\Users\Tara\AppData\LocalLow\incredibar.com
    Folder Found : C:\Users\Tara\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\Tara\AppData\LocalLow\ShoppingReport2
    Folder Found : C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
    Folder Found : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Found : HKCU\Software\WNLT
    Key Found : HKLM\Software\APN
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\DealScout.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
    Key Found : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Funmoods
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
    Key Found : HKLM\Software\IB Updater
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16576

    [OK] Registry is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Found [l.31] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1348353322554078&q={searchTerms}",
    Found [l.1874] : homepage = "hxxp://www.searchnu.com/406",
    Found [l.2139] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

    *************************

    AdwCleaner[R1].txt - [8513 octets] - [25/07/2013 22:58:09]

    ########## EOF - C:\AdwCleaner[R1].txt - [8573 octets] ##########

  9. #9
    Junior Member
    Join Date
    Nov 2009
    Posts
    29

    the otl fix log is

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64A2FB6F-B770-4489-9CE6-8E41D23235A1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64A2FB6F-B770-4489-9CE6-8E41D23235A1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6AFFE39C-A4C3-4A28-AB80-59936B7E808A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AFFE39C-A4C3-4A28-AB80-59936B7E808A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F17F80A-966A-43F4-A6DC-68DA31A5E547}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F17F80A-966A-43F4-A6DC-68DA31A5E547}\ not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\www.exent.com/GameTreatWidget\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found.
    File rity] not found.
    File ptytemp] not found.
    File boot] not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 07302013_204205

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    and the otl log is

    OTL logfile created on: 7/30/2013 8:44:43 PM - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tara\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.96 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 77.12% Memory free
    5.92 Gb Paging File | 5.24 Gb Available in Paging File | 88.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 252.89 Gb Total Space | 204.74 Gb Free Space | 80.96% Space Free | Partition Type: NTFS
    Drive D: | 30.25 Gb Total Space | 28.54 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
    Drive F: | 26.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/07/29 21:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
    PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
    PRC - [2011/12/05 21:25:04 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/05/05 14:53:12 | 000,736,312 | ---- | M] (Conexant Systems, Inc) -- C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    PRC - [2010/03/25 17:32:02 | 000,445,496 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\SASrv.exe
    PRC - [2010/01/19 11:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera2\VM332_STI.EXE
    PRC - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    PRC - [2009/07/31 16:45:56 | 004,114,336 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
    PRC - [2009/07/30 09:45:36 | 001,425,408 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    PRC - [2009/07/30 09:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    PRC - [2009/07/30 09:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    PRC - [2009/06/25 09:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/07/16 17:03:22 | 001,374,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\b553402413fa7b799cf8f2351618916b\SmartAudio.ni.exe
    MOD - [2013/07/16 17:03:22 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\ab7c0d1230766b1ecad8b66fce8a5df5\Interop.CxHDAudioAPILib.ni.dll
    MOD - [2013/05/16 21:36:57 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
    MOD - [2013/05/16 21:33:40 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
    MOD - [2013/05/16 21:33:16 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
    MOD - [2013/05/16 21:32:42 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
    MOD - [2013/05/16 21:32:30 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
    MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2013/02/17 16:19:40 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
    MOD - [2013/02/17 16:17:15 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
    MOD - [2013/01/22 21:03:33 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
    MOD - [2013/01/22 20:46:23 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
    MOD - [2013/01/22 20:45:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/18 01:47:07 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/18 01:45:43 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/18 01:45:32 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/18 01:44:47 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2010/11/05 02:57:39 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2010/08/24 07:52:17 | 001,410,312 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
    MOD - [2010/08/24 07:52:16 | 000,513,288 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
    MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
    MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WatAdminSvc)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
    SRV - File not found [Auto | Stopped] -- -- (IGRS)
    SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/03/25 17:32:02 | 000,445,496 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\SASrv.exe -- (SAService)
    SRV - [2009/09/22 19:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
    SRV - [2009/08/14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
    SRV - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/07/30 09:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV - [2009/07/30 09:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV - [2009/07/16 04:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
    SRV - [2009/07/14 15:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Unavailable | Unknown] -- C:\Program Files\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys -- (X6XSEx_Pr143)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WinRing0_1_2_0)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys -- (EraserUtilDrv11120)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tara\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
    DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
    DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
    DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
    DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/08/24 07:51:42 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
    DRV - [2010/04/22 05:08:22 | 000,218,744 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2010/04/20 18:45:28 | 000,198,000 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm332avs.sys -- (vm332avs)
    DRV - [2010/03/31 07:49:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2009/07/30 10:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/30 09:06:10 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum)
    DRV - [2009/07/28 22:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
    DRV - [2009/07/21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
    DRV - [2009/07/16 13:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
    DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
    DRV - [2009/07/10 05:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2009/05/19 13:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV - [2008/08/28 18:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
    DRV - [2008/08/06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/12 15:02:29 | 000,000,000 | ---D | M]

    [2011/01/01 23:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Extensions
    [2012/04/18 22:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2013/07/24 22:37:24 | 000,000,027 | ---- | M]) - C:\windows\System32\Drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747F5790-83FD-492F-AFCB-80B6D0FD4166}: DhcpNameServer = 109.249.185.224 109.249.188.32
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/08/03 10:23:42 | 000,000,069 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/07/30 20:42:05 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/07/30 18:44:29 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2013/07/30 18:44:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/07/30 18:40:13 | 005,094,311 | R--- | C] (Swearware) -- C:\Users\Tara\Desktop\ComboFix.exe
    [2013/07/29 21:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
    [2013/07/26 00:00:47 | 000,000,000 | ---D | C] -- C:\SWTOOLS
    [2013/07/26 00:00:21 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\System32\CSVer.dll
    [2013/07/25 23:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
    [2013/07/25 23:35:47 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\New folder
    [2013/07/25 23:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom Wireless
    [2013/07/25 23:30:02 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\InstallShield
    [2013/07/24 23:58:31 | 000,048,192 | ---- | C] (Lenovo) -- C:\windows\System32\drivers\tvtumon.sys
    [2013/07/24 23:57:48 | 000,021,520 | ---- | C] (Lenovo Corporation) -- C:\windows\System32\drivers\AcpiVpc.sys
    [2013/07/24 23:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/07/24 23:04:27 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\mbar-1.06.0.1004
    [2013/07/24 22:27:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013/07/24 22:27:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013/07/24 22:27:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013/07/24 22:25:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/07/24 22:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2013/07/24 22:20:33 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/07/22 21:31:44 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2013/07/22 21:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/07/22 21:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/07/22 21:30:18 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\post stuff
    [2013/07/22 21:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2013/07/22 21:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2013/07/18 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\revouninstaller
    [2013/07/18 21:03:26 | 021,691,552 | ---- | C] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
    [2013/07/18 21:03:26 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
    [2013/07/18 20:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/07/18 20:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/07/18 20:28:15 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
    [2013/07/18 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/07/18 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Malwarebytes
    [2013/07/18 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/07/18 18:46:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2013/07/18 18:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/07/18 18:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/07/18 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\Programs
    [2013/07/18 18:46:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/07/16 17:02:59 | 000,445,496 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\SASrv.exe
    [2013/07/16 16:44:12 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2013/07/16 16:23:34 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
    [2013/07/16 16:21:24 | 000,000,000 | ---D | C] -- C:\Intel
    [2013/07/16 16:21:03 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
    [2013/07/16 16:20:16 | 000,000,000 | ---D | C] -- C:\Drivers
    [2013/07/10 19:02:11 | 000,000,000 | ---D | C] -- C:\inetpub
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/07/30 20:42:58 | 000,000,066 | -HS- | M] () -- C:\_PartitionInfo
    [2013/07/30 20:42:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/07/30 20:42:43 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/30 20:23:21 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/07/30 20:23:21 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/07/30 20:19:38 | 000,629,318 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2013/07/30 20:19:38 | 000,111,212 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2013/07/30 20:14:29 | 000,675,958 | ---- | M] () -- C:\windows\System32\oem7.inf
    [2013/07/29 21:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
    [2013/07/29 21:04:08 | 000,891,098 | ---- | M] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
    [2013/07/28 22:59:47 | 000,000,378 | ---- | M] () -- C:\Users\Tara\Documents\Removable Disk (G) - Shortcut.lnk
    [2013/07/27 22:57:16 | 000,000,512 | ---- | M] () -- C:\Users\Tara\Desktop\MBR.dat
    [2013/07/25 23:39:31 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_bpenum_01007.Wdf
    [2013/07/25 23:13:32 | 000,001,219 | ---- | M] () -- C:\Users\Tara\AppData\Local\Local - Shortcut.lnk
    [2013/07/25 22:51:00 | 000,666,633 | ---- | M] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
    [2013/07/24 22:54:04 | 013,399,154 | ---- | M] () -- C:\Users\Tara\Desktop\mbar-1.06.0.1004.zip
    [2013/07/24 22:37:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2013/07/24 22:20:33 | 000,002,959 | ---- | M] () -- C:\Users\Tara\Desktop\HiJackThis.lnk
    [2013/07/24 22:12:06 | 005,094,311 | R--- | M] (Swearware) -- C:\Users\Tara\Desktop\ComboFix.exe
    [2013/07/24 22:11:18 | 001,402,880 | ---- | M] () -- C:\Users\Tara\Desktop\HiJackThis.msi
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2013/07/22 21:31:18 | 000,000,898 | ---- | M] () -- C:\Users\Tara\Desktop\NTREGOPT.lnk
    [2013/07/22 21:31:18 | 000,000,879 | ---- | M] () -- C:\Users\Tara\Desktop\ERUNT.lnk
    [2013/07/22 21:13:54 | 007,123,312 | ---- | M] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe
    [2013/07/22 21:08:16 | 000,001,244 | ---- | M] () -- C:\Users\Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/07/22 21:08:16 | 000,001,220 | ---- | M] () -- C:\Users\Tara\Desktop\Spybot - Search & Destroy.lnk
    [2013/07/18 21:01:28 | 021,691,552 | ---- | M] (Mozilla) -- C:\Users\Tara\Desktop\Firefox Setup 22.0.exe
    [2013/07/18 20:53:52 | 000,014,896 | ---- | M] () -- C:\windows\System32\results.xml
    [2013/07/18 20:42:12 | 003,007,700 | ---- | M] () -- C:\Users\Tara\Desktop\revouninstaller.zip
    [2013/07/18 20:32:34 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Tara\Desktop\spybotsd162.exe
    [2013/07/18 20:28:24 | 000,000,644 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/07/18 20:28:24 | 000,000,616 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/07/18 20:28:24 | 000,000,446 | ---- | M] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/07/18 20:28:18 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/07/18 18:46:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/07/18 18:36:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tara\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/07/16 15:40:03 | 000,000,557 | ---- | M] () -- C:\windows\System32\MyDefrag.debuglog
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/07/29 21:14:36 | 000,891,098 | ---- | C] () -- C:\Users\Tara\Desktop\SecurityCheck.exe
    [2013/07/28 22:59:47 | 000,000,378 | ---- | C] () -- C:\Users\Tara\Documents\Removable Disk (G) - Shortcut.lnk
    [2013/07/27 22:57:16 | 000,000,512 | ---- | C] () -- C:\Users\Tara\Desktop\MBR.dat
    [2013/07/25 23:39:31 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_bpenum_01007.Wdf
    [2013/07/25 23:30:35 | 000,675,958 | ---- | C] () -- C:\windows\System32\oem7.inf
    [2013/07/25 23:13:32 | 000,001,219 | ---- | C] () -- C:\Users\Tara\AppData\Local\Local - Shortcut.lnk
    [2013/07/25 22:57:42 | 000,666,633 | ---- | C] () -- C:\Users\Tara\Desktop\AdwCleaner.exe
    [2013/07/24 23:59:23 | 000,000,066 | -HS- | C] () -- C:\_PartitionInfo
    [2013/07/24 23:04:08 | 013,399,154 | ---- | C] () -- C:\Users\Tara\Desktop\mbar-1.06.0.1004.zip
    [2013/07/24 22:27:03 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013/07/24 22:27:03 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013/07/24 22:27:03 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/07/24 22:27:03 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/07/24 22:27:03 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/07/24 22:20:33 | 000,002,959 | ---- | C] () -- C:\Users\Tara\Desktop\HiJackThis.lnk
    [2013/07/24 22:19:54 | 001,402,880 | ---- | C] () -- C:\Users\Tara\Desktop\HiJackThis.msi
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2013/07/22 22:38:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2013/07/22 21:31:18 | 000,000,898 | ---- | C] () -- C:\Users\Tara\Desktop\NTREGOPT.lnk
    [2013/07/22 21:31:18 | 000,000,879 | ---- | C] () -- C:\Users\Tara\Desktop\ERUNT.lnk
    [2013/07/22 21:17:05 | 007,123,312 | ---- | C] () -- C:\Users\Tara\Desktop\spybotsd_includes.exe
    [2013/07/22 21:08:16 | 000,001,244 | ---- | C] () -- C:\Users\Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/07/22 21:08:16 | 000,001,220 | ---- | C] () -- C:\Users\Tara\Desktop\Spybot - Search & Destroy.lnk
    [2013/07/18 21:03:25 | 003,007,700 | ---- | C] () -- C:\Users\Tara\Desktop\revouninstaller.zip
    [2013/07/18 20:28:24 | 000,000,644 | ---- | C] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/07/18 20:28:24 | 000,000,616 | ---- | C] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/07/18 20:28:24 | 000,000,446 | ---- | C] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/07/18 20:28:18 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/07/18 20:28:18 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/07/18 18:46:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/07 18:19:56 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
    [2011/05/20 17:40:41 | 000,001,940 | ---- | C] () -- C:\Users\Tara\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >

  10. #10
    Junior Member
    Join Date
    Nov 2009
    Posts
    29

    Default

    the ongoing continuing issue

    is that the pc is showing issues in the device manager

    the chipset driver and Network drivers are showing yellow warning triangles and the pc won't let me repair or update the drivers

    i have downloaded them on another pc and transferred them over to the faulty pc as it does not have an internet connection

    when i run them they either won't run at all (the chipset driver) or it runs and tells me the driver is older than the current one installed (the Wireless lan driver)

    before i carried out any repairs or scans the internet connection came up as having limited access and i could view all the available connections but not create a new one

    after the last set of repairs i am now not seeing any available connections and i am still unable to install either the wireless drivers or the ethernet drivers
