Slumdog Posted July 17, 2013

I had this problem before and it is now back with a vengeance. Every time I try to turn off my Dell laptop it just starts up again (the disc drive makes the noise like it is trying to receive a disc), wiping all saved usernames and passwords, and every time I have to reinstall Flash Player.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
garysmithafc :: LAPTOP [administrator]

17/07/2013 09:47:08
mbam-log-2013-07-17 (09-47-08).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386669
Time elapsed: 1 hour(s), 41 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\garysmithafc\Music\Now Thats What I Call Music 82 (2012) - 2CD [tL]\Key for RAR file.exe (Trojan.AutoIt) -> Quarantined and deleted successfully.
(end)

OTL logfile created on: 17/07/2013 12:10:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\garysmithafc\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 55.81% Memory free
6.19 Gb Paging File | 4.91 Gb Available in Paging File | 79.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 126.53 Gb Free Space | 57.45% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.71 Gb Free Space | 47.13% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: garysmithafc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\garysmithafc\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\ProgramData\DataCardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DataCardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
[2013/06/17 20:58:47 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie [2013/05/20 16:22:51 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll [2013/05/20 16:22:51 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll [2013/05/20 16:09:59 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll [2013/05/20 16:09:59 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin [2013/05/20 16:09:59 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini [2012/05/24 13:23:28 | 000,000,033 | ---- | C] () -- C:\Windows\System32\machine.ini [2010/07/22 20:39:28 | 000,000,642 | ---- | C] () -- C:\Users\garysmithafc\AppData\Roaming\wklnhst.dat [2010/06/28 00:04:39 | 000,052,942 | ---- | C] () -- C:\Program Files\EULA.eng [2009/11/19 13:36:07 | 000,007,808 | ---- | C] () -- C:\Users\garysmithafc\AppData\Local\d3d9caps.dat [2009/11/18 21:02:09 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/11/18 21:02:08 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/11/18 20:22:47 | 000,029,184 | ---- | C] () -- C:\Users\garysmithafc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/08/27 22:04:47 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\AnvSoft [2009/11/19 20:27:39 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/04/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\DriverCure [2013/05/20 16:26:43 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\EPSON [2011/05/14 13:16:54 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\GetRightToGo [2010/04/06 17:16:52 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\iCopyExpert [2013/04/26 01:02:36 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\IObit [2011/09/23 15:09:11 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Keynote Systems [2012/08/27 20:57:43 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Leawo [2010/04/16 10:54:35 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Livestation [2010/04/16 10:54:35 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Mchid [2012/05/16 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Nokia [2010/04/12 17:02:08 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Nokia Ovi Suite [2011/04/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\ParetoLogic [2009/11/20 23:07:19 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\PC Suite [2011/06/16 00:55:12 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Publish Providers [2011/05/17 23:15:44 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\RegistryKeys 
[2011/06/16 01:02:38 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Sony [2012/05/26 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\T-Mobile [2013/04/24 15:17:10 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\T-Mobile Internet Manager [2010/07/22 20:39:29 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Template [2010/07/09 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Tific [2013/05/14 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\uTorrent [2010/10/21 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: WDC WD2500BEVS-75UST0 Partitions: 4 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 125.00MB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 10.00GB Starting Offset: 132120576 Hidden sectors: 0 DeviceID: Disk #0, Partition #2 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 220.00GB Starting Offset: 10869538816 Hidden sectors: 0 DeviceID: Disk #0, Partition #3 PartitionType: Extended w/Extended Int 13 Bootable: False BootPartition: False PrimaryPartition: False Size: 2.00GB Starting Offset: 247373758464 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2013/07/05 21:43:23 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/04/11 00:36:38 | 000,333,257 | RHS- | M] 
() -- C:\bootmgr [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2008/07/25 04:47:05 | 000,005,055 | RH-- | M] () -- C:\dell.sdr [2013/07/17 12:02:11 | 3217,145,856 | -HS- | M] () -- C:\hiberfil.sys [2011/09/26 10:19:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011/09/26 10:19:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/07/24 20:10:05 | 000,026,927 | ---- | M] () -- C:\newfile.enc [2008/07/24 20:10:05 | 000,026,927 | ---- | M] () -- C:\newkey [2013/07/17 12:02:09 | 3533,000,704 | -HS- | M] () -- C:\pagefile.sys [2011/05/24 15:46:17 | 000,038,454 | ---- | M] () -- C:\RPSetup.exe.log [2012/05/25 19:06:49 | 000,001,502 | ---- | M] () -- C:\SoftUpdateLog.txt < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini [2010/01/17 18:15:28 | 000,052,942 | ---- | M] () -- C:\Program Files\EULA.eng < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/05/29 03:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/05/29 03:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/10 07:58:33 | 
000,865,808 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/10 07:58:33 | 000,865,808 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/10 07:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/04/29 15:11:18 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/05/29 03:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/05/29 03:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A2947BEA < End of report >
Slumdog (Author) Posted July 17, 2013 Part 2 OTL Extras logfile created on: 17/07/2013 12:10:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\garysmithafc\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 55.81% Memory free 6.19 Gb Paging File | 4.91 Gb Available in Paging File | 79.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.26 Gb Total Space | 126.53 Gb Free Space | 57.45% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 4.71 Gb Free Space | 47.13% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: garysmithafc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{108243C0-2282-4110-AE2E-C58369E8E780}" = rport=139 | protocol=6 | dir=out | app=system | "{3856AF65-6074-4B7C-B966-FE1DE0EA461E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{484BE56F-7EA1-47DC-9B15-73EF8C135C17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{50820A35-34A6-4899-A919-DCD3867F3227}" = lport=137 | protocol=17 | dir=in | app=system | "{621C45B4-7938-40F3-AF09-6E888B64E8D0}" = lport=139 | protocol=6 | dir=in | app=system | "{6DFED5B9-2CBD-4485-8CBF-C66163713A92}" = lport=1900 | 
protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{725E63D1-6FD6-4670-8A24-503F6E3336F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C6EEB374-B282-4C2A-BC57-88C998CAC25B}" = rport=445 | protocol=6 | dir=out | app=system | "{D756C833-C34E-4A0D-A0FD-A5A741FCB37E}" = rport=138 | protocol=17 | dir=out | app=system | "{DAE83116-DDDD-4E9F-9B49-93C0BC11870F}" = rport=137 | protocol=17 | dir=out | app=system | "{DB9F3DBD-CB30-428D-90A5-0B166C54D69B}" = lport=445 | protocol=6 | dir=in | app=system | "{F523C752-8B34-4DF2-A5B4-FAD3419B1BD9}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01A6F213-ACB7-465B-9E96-B626C2391284}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{034C0BAA-3E8B-4450-877F-69EC4427A351}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{10F62135-16A3-4CC7-A582-7322FCD79B4F}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | "{168ADD08-2B56-4436-A2BF-6D46B2F8B538}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | "{8A5C0812-35CC-4658-8A6F-295F20633559}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{9054BFA5-BCD9-49CE-83C4-624B31E334BC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{950D2350-E7D8-4661-9AE6-FAFAAA7936AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AB83B607-2677-4CBD-8390-5A45E111D1DA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{CE7A51B5-B213-40C7-A291-FC74654B1FA7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D793C89D-D053-48E6-B410-EC50F42D5538}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | "{D989944A-F2AD-4CB4-863F-29DE00C0B519}" = dir=in | app=c:\program 
files\dell\mediadirect\pcmservice.exe | "{E3C1E6E8-B7FF-4CD8-9971-396429DC019F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E8AC86B0-2D01-4400-87D4-EAEE4A1B20F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EF82FF3D-2513-4087-8C23-FEDA60D0BD6F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{49430882-BFD3-472F-AFD4-64D349751474}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "TCP Query User{72F4D971-0640-4480-BAEC-3DCEF80A6404}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{912D11D4-AF95-4B48-BB2A-2858B16C66C8}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{C219FC0F-18B6-4820-8EF8-54073CE04B24}C:\users\garysmithafc\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\garysmithafc\appdata\local\mediaget2\mediaget.exe | "TCP Query User{D81D7B81-CCBD-4DAD-A127-99E6503999BF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{4F014D84-9E80-45C6-9E62-E0E97B1B9761}C:\users\garysmithafc\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\garysmithafc\appdata\local\mediaget2\mediaget.exe | "UDP Query User{762D679D-7A67-4055-8B50-40EED4E398D8}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{AA7958C9-D5A3-45E8-91E2-0ACC19F09335}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program 
files\google\google earth\client\googleearth.exe | "UDP Query User{D3442BC0-4186-4432-87CE-C29CDD24B911}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{DED7675C-E878-480B-8B35-6EF84CFC3FED}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! 
Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{5067397A-2935-4290-AE14-1BE2863B00A3}_is1" = Convert MP4 to MP3 1.5
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7662F66F-ED2D-4CB8-9E4D-5DD11CBF7D70}" = iRip
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9F9BE2A8-2FA2-438E-934B-6F237B641167}" = Cooliris for Internet Explorer
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd "LegacyDriver" (05/31/2012 7.1.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Coupon Printer2.1.0.0" = Coupon Printer
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EPSON Photo Print" = EPSON Photo Print
"File Shredder_is1" = File Shredder 2.5
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"iCopyExpert_is1" = iCopyExpert 3.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PokerStars" = PokerStars
"RealPlayer 16.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 5.0
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/07/2013 04:17:15 | Computer Name = laptop | Source = Windows Search Service | ID = 3028
Description =
Error - 17/07/2013 04:17:15 | Computer Name = laptop | Source = Windows Search Service | ID = 3058
Description =
Error - 17/07/2013 04:17:29 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 17/07/2013 04:24:01 | Computer Name = laptop | Source = LoadPerf | ID = 3012
Description =
Error - 17/07/2013 04:24:01 | Computer Name = laptop | Source = LoadPerf | ID = 3011
Description =
Error - 17/07/2013 07:03:09 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 17/07/2013 07:03:09 | Computer Name = laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 17/07/2013 07:04:27 | Computer Name = laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 450 Start Time: 01ce82dd42420714 Termination Time: 63
Error - 17/07/2013 07:09:11 | Computer Name = laptop | Source = LoadPerf | ID = 3012
Description =
Error - 17/07/2013 07:09:11 | Computer Name = laptop | Source = LoadPerf | ID = 3011
Description =

[ Broadcom Wireless LAN Events ]
Error - 10/04/2013 12:56:50 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 17:56:50, Wed, Apr 10, 13 Error - Unable to gain access to user store
Error - 17/04/2013 09:25:04 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 14:25:03, Wed, Apr 17, 13 Error - Unable to gain access to user store
Error - 20/04/2013 07:04:53 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 12:04:52, Sat, Apr 20, 13 Error - Unable to gain access to user store
Error - 23/04/2013 13:08:29 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 18:08:28, Tue, Apr 23, 13 Error - Unable to gain access to user store
Error - 25/04/2013 12:37:25 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 17:37:24, Thu, Apr 25, 13 Error - Unable to gain access to user store
Error - 06/05/2013 08:38:30 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 13:38:29, Mon, May 06, 13 Error - Unable to gain access to user store
Error - 13/05/2013 07:11:26 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 12:11:25, Mon, May 13, 13 Error - Unable to gain access to user store
Error - 13/05/2013 08:32:49 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 12:17:18, Mon, May 13, 13 Error - Unable to gain access to user store
Error - 22/06/2013 12:22:42 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 17:22:41, Sat, Jun 22, 13 Error - Unable to gain access to user store
Error - 12/07/2013 10:38:58 | Computer Name = laptop | Source = WLAN-Tray | ID = 0
Description = 15:38:57, Fri, Jul 12, 13 Error - Unable to gain access to user store

[ Dell Events ]
Error - 17/05/2011 18:32:56 | Computer Name = laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 17/05/2011 18:32:56 | Computer Name = laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 17/05/2011 19:00:01 | Computer Name = laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 17/05/2011 19:00:01 | Computer Name = laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 19/05/2011 04:38:08 | Computer Name = laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 19/05/2011 04:38:08 | Computer Name = laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 23/05/2011 11:24:06 | Computer Name = laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 17/07/2013 04:17:29 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 17/07/2013 04:17:29 | Computer Name = laptop | Source = Service Control Manager | ID = 7009
Description =
Error - 17/07/2013 04:17:29 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 17/07/2013 04:18:24 | Computer Name = laptop | Source = DCOM | ID = 10016
Description =
Error - 17/07/2013 07:03:09 | Computer Name = laptop | Source = Service Control Manager | ID = 7026
Description =
Error - 17/07/2013 07:03:09 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 17/07/2013 07:03:09 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 17/07/2013 07:03:09 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 17/07/2013 07:03:09 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 17/07/2013 07:03:31 | Computer Name = laptop | Source = DCOM | ID = 10016
Description =

< End of report >
etavares
Posted July 18, 2013

Hello, Slumdog.

I see you have IOBit installed on your computer. This is a known rogue company that has been caught stealing definitions from legitimate companies. Please read about it here.

Before I can help you, please uninstall IOBit Advanced SystemCare 6 via Add/Remove Programs. When that's done, please let me know.

etavares

etavares is a member of: Alliance of Security Analysis Professionals; Unified Network of Instructors and Trained Eliminators
RandyL
Posted July 19, 2013

Please be patient, Slumdog. The security team will help as soon as they get a chance.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here
etavares
Posted July 20, 2013

Hello, Slumdog.

In general, you should expect a reply within 24 hours. In this case, I've been away from my computer but I'm back. I'll always reply within 48 hours of your last post.

We'll start with cleaning up some orphaned entries. Also, with the saved usernames and passwords... do you mean internet logon info? Or your actual user account in Windows?

P2P Warning and Request

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow you to share files between users, as the name(s) suggest. In today's world, cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care.

I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Step 1

We need to run an OTL script. Please download OTL from one of the following mirrors if you no longer have it.
This is the first mirror
This is the second mirror

- Save it to your desktop.
- Double click on the OTL icon on your desktop.
- Paste the following code under the Custom Scans/Fixes box at the bottom.

:otl
DRV - (TfSysMon) -- system32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\Windows\system32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- system32\drivers\TfFsMon.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (sarlgabl) -- C:\Windows\system32\drivers\sarlgabl.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (DFUBTUSB) -- System32\Drivers\frmupgr.sys File not found
DRV - (cpuz132) -- C:\Users\GARYSM~1\AppData\Local\Temp\cpuz132\cpuz1 32_x32.sys File not found
DRV - (byeslebu) -- C:\Windows\system32\drivers\byeslebu.sys File not found
DRV - (BCM42RLY) -- system32\drivers\BCM42RLY.sys File not found
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searc...earch&AF=18827
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searc...earch&AF=18827"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=18827"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=18827&q="
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Reg Error: Value error.)
O16 - DPF: {D77F526B-FB71-4A52-A9FD-F1FFCD6A23D3} https://cdn4.userzoom.com/s/ie/f2/UserZoom.cab (Reg Error: Value error.)
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} https://cdn4.userzoom.com/s/ie/UserZoom.cab (Reg Error: Value error.)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - File not found
:Files
ipconfig /flushdns /c
:commands
[purity]
[RESETHOSTS]
[EMPTYFLASH]

- Click the Run Fix button at the top.
- Let the program run unhindered and reboot when it is done.
- You will get a log when it is done; please post that in your reply.
- Please then create a new OTL report:
- Click the "Scan All Users" checkbox.
- Push the Run Scan button.
- A report will open; copy and paste it in a reply here.

etavares

etavares is a member of: Alliance of Security Analysis Professionals; Unified Network of Instructors and Trained Eliminators
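As an added example (not code from this thread, from etavares, or from OTL's author), here is a small Python classifier for the OTL line formats that appear in the script above. It flags the same kinds of entry the fix targets: driver services whose binary is missing, IE search scopes and Firefox prefs pointing at the Babylon search hijacker, a toolbar registration with no CLSID behind it, and the legacy Winlogon GinaDLL hook. The sample lines are copied from this thread (plus one healthy NisDrv line from the second OTL log, for contrast); the category names, the HIJACK_MARKERS set and the regular expressions are my own assumptions about OTL's output format, inferred only from the lines shown here.

```python
import re
from collections import Counter

# Constructed sample input: entries copied from the OTL script and logs posted
# in this thread (the NisDrv line is a healthy driver, included for contrast).
SAMPLE_OTL_LINES = [
    "DRV - (TfSysMon) -- system32\\drivers\\TfSysMon.sys File not found",
    "DRV - (esgiguard) -- C:\\Program Files\\Enigma Software Group\\SpyHunter\\esgiguard.sys File not found",
    "DRV - (NisDrv) -- C:\\Windows\\System32\\drivers\\NisDrvWFP.sys (Microsoft Corporation)",
    'IE - HKCU\\..\\SearchScopes\\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searc...earch&AF=18827',
    'FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=18827"',
    'FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"',
    "O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.",
    "O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - File not found",
]

# Search-hijack marker taken from the entries the helper's script removes above.
# Assumption: a case-insensitive substring match is enough; extend for your own cases.
HIJACK_MARKERS = {"babylon"}

# Regexes are assumptions about OTL's line layout, derived from the lines in this thread.
DRV_RE = re.compile(r"^DRV - \((?P<name>[^)]+)\) -- (?P<path>.+?)(?P<missing> File not found)?$")
IE_SCOPE_RE = re.compile(r'^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes\\\{(?P<clsid>[0-9A-Fa-f-]+)\}: "URL" = (?P<url>\S+)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): "(?P<value>[^"]*)"$')
O3_RE = re.compile(r"^O3 - (?P<hive>HK\w+)\\\.\.\\Toolbar\\WebBrowser: \((?P<name>[^)]*)\) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<status>.+)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<dll>[^)]+)\) - (?P<status>.+)$")


def _hijacked(text):
    text = text.lower()
    return any(marker in text for marker in HIJACK_MARKERS)


def classify(line):
    """Return (finding, detail) for one OTL log line, or None if it looks benign."""
    line = line.strip()
    m = DRV_RE.match(line)
    if m:
        # A driver service whose binary is gone: a leftover registration with nothing to load.
        return ("orphaned_driver_service", m.group("name")) if m.group("missing") else None
    m = IE_SCOPE_RE.match(line)
    if m:
        return ("browser_search_hijack", "{" + m.group("clsid") + "}") if _hijacked(m.group("url")) else None
    m = FF_PREF_RE.match(line)
    if m:
        return ("browser_search_hijack", m.group("key")) if _hijacked(m.group("value")) else None
    m = O3_RE.match(line)
    if m and "No CLSID value found" in m.group("status"):
        # Toolbar registration whose COM class no longer exists.
        return ("orphaned_toolbar", "{" + m.group("clsid") + "}")
    m = O20_RE.match(line)
    if m and m.group("value") == "GinaDLL":
        # Winlogon GinaDLL is a legacy logon-hook location; flag it whether or not the DLL exists.
        return ("winlogon_gina_dll", m.group("dll"))
    return None


def summarize(lines):
    """Count findings per category across a whole log."""
    counts = Counter()
    for line in lines:
        finding = classify(line)
        if finding:
            counts[finding[0]] += 1
    return dict(counts)


def flagged_lines(lines):
    """Raw lines a reviewer would carry over into the :OTL section of a fix, as the helper did above."""
    return [line.strip() for line in lines if classify(line)]


if __name__ == "__main__":
    for line in SAMPLE_OTL_LINES:
        print(classify(line), "<-", line[:70])
    print(summarize(SAMPLE_OTL_LINES))
```

Run against the constructed sample it reports two orphaned driver services, three search-hijack settings, one orphaned toolbar and one GinaDLL hook, and leaves the Microsoft-signed NisDrv line alone. Feeding a full OTL log through `summarize` gives a quick count of how much of it is dead registration versus live hijack before anyone writes a fix script.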
Slumdog (Author)
Posted July 20, 2013

========== OTL ==========
Service TfSysMon stopped successfully!
Service TfSysMon deleted successfully!
File system32\drivers\TfSysMon.sys File not found not found.
Service TfNetMon stopped successfully!
Service TfNetMon deleted successfully!
File C:\Windows\system32\drivers\TfNetMon.sys File not found not found.
Service TfFsMon stopped successfully!
Service TfFsMon deleted successfully!
File system32\drivers\TfFsMon.sys File not found not found.
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File system32\DRIVERS\SymIM.sys File not found not found.
Service sarlgabl stopped successfully!
Service sarlgabl deleted successfully!
File C:\Windows\system32\drivers\sarlgabl.sys File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
Service DFUBTUSB stopped successfully!
Service DFUBTUSB deleted successfully!
File System32\Drivers\frmupgr.sys File not found not found.
Service cpuz132 stopped successfully!
Service cpuz132 deleted successfully!
File C:\Users\GARYSM~1\AppData\Local\Temp\cpuz132\cpuz1 32_x32.sys File not found not found.
Service byeslebu stopped successfully!
Service byeslebu deleted successfully!
File C:\Windows\system32\drivers\byeslebu.sys File not found not found.
Service BCM42RLY stopped successfully!
Service BCM42RLY deleted successfully!
File system32\drivers\BCM42RLY.sys File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "http://search.babylon.com/web/{searc...earch&AF=18827" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/home?AF=18827" removed from browser.startup.homepage
Prefs.js: "http://search.babylon.com/?babsrc=adbartrp&AF=18827&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Starting removal of ActiveX control {8100D56A-5661-482C-BEE8-AFECE305D968}
C:\Windows\Downloaded Program Files\PhotoUploader55.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Starting removal of ActiveX control {D77F526B-FB71-4A52-A9FD-F1FFCD6A23D3}
C:\Windows\Downloaded Program Files\UserZoom.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D77F526B-FB71-4A52-A9FD-F1FFCD6A23D3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D77F526B-FB71-4A52-A9FD-F1FFCD6A23D3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D77F526B-FB71-4A52-A9FD-F1FFCD6A23D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D77F526B-FB71-4A52-A9FD-F1FFCD6A23D3}\ not found.
Starting removal of ActiveX control {E7637F18-B2C8-43E4-BCFE-BC3437DF469F}
C:\Windows\Downloaded Program Files\UserZoom.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E7637F18-B2C8-43E4-BCFE-BC3437DF469F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7637F18-B2C8-43E4-BCFE-BC3437DF469F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E7637F18-B2C8-43E4-BCFE-BC3437DF469F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7637F18-B2C8-43E4-BCFE-BC3437DF469F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:vrlogon.dll deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\garysmithafc\Downloads\cmd.bat deleted successfully.
c:\Users\garysmithafc\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: garysmithafc
->Flash cache emptied: 94190 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07202013_200419
Slumdog (Author)
Posted July 20, 2013

OTL logfile created on: 20/07/2013 20:13:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\garysmithafc\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.39% Memory free
6.19 Gb Paging File | 4.83 Gb Available in Paging File | 78.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 130.22 Gb Free Space | 59.12% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.72 Gb Free Space | 47.17% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: garysmithafc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - c:\Users\garysmithafc\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\ProgramData\DataCardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DataCardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DataCardService\HWDeviceService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========
DRV - (BCM42RLY) -- system32\drivers\BCM42RLY.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLT&o=15554&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=HH&apn_dtid=YYYYYYGAGB&apn_uid=F0D5B4F9-D54E-470E-B071-EE74952B1678&apn_sauid=908C6D78-5285-449A-8AD4-D369965D2873
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK_en-GBGB354
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{96A9E1EC-B58E-4562-BAE7-F79E71ACEF34}: "URL" = https://www.flickr.com/search/?q=%7BsearchTerms%7D
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{9BCE324A-85C7-4461-A177-5C43111827FD}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80150&lng=en
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18827"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\garysmithafc\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012/05/26 17:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/02 17:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/02 17:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/25 13:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/25 13:29:34 | 000,000,000 | ---D | M]

[2010/04/01 12:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Extensions
[2013/07/18 09:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default\extensions
[2010/09/20 19:05:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default\searchplugins\askcom.xml
[2013/04/11 19:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/06 13:22:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program
Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012/09/05 00:11:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF File not found (No name found) -- C:\USERS\GARYSMITHAFC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8LQR85O.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM [2013/04/10 07:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/10/19 01:33:11 | 000,092,544 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2012/10/19 01:33:18 | 000,092,544 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2013/04/02 17:49:17 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011/05/08 12:14:24 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013/04/10 07:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/04/10 07:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: 
Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = 
C:\Users\garysmithafc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\garysmithafc\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: RealDownloader = C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\ O1 HOSTS File: ([2013/07/20 20:04:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Reg Error: Value error.) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! 
Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found O4 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000..\Run: [] File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program 
Files\PicLensIE\cooliris.dll (Cooliris Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..Trusted Domains: blank ([]about in Trusted sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE50384C-B309-483F-BD71-F3BFC7743A08}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\garysmithafc\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\garysmithafc\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - 
C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/07/20 20:04:19 | 000,000,000 | ---D | C] -- C:\_OTL [2013/07/13 01:43:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT [2013/07/12 09:13:46 | 000,000,000 | ---D | C] -- C:\Windows\Temp36166A73-3FC9-2B9B-FD84-F3920972C80F-Signatures [2013/07/11 13:17:18 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/07/11 13:17:16 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/07/11 12:01:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/07/11 12:01:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/07/11 12:01:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/07/11 12:01:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/07/11 12:01:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/07/11 12:01:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/07/11 12:01:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/07/11 12:01:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/07/11 09:19:20 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/07/11 09:19:07 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013/07/11 
09:19:06 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013/07/11 09:19:06 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013/07/11 09:19:06 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013/07/11 09:19:06 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013/07/11 09:19:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013/07/11 09:19:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013/07/11 09:19:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013/07/11 09:19:04 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2013/07/11 09:19:03 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013/07/06 00:06:46 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/07/06 00:06:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/07/06 00:06:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/07/06 00:06:25 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/07/03 15:23:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs [2013/06/25 13:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer [2013/06/25 13:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Printer [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/20 20:15:25 | 016,074,426 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/07/20 20:15:24 | 008,180,936 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/07/20 20:12:20 | 000,692,104 | ---- | M] (Adobe Systems 
Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/07/20 20:12:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/07/20 20:08:14 | 000,049,176 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013/07/20 20:08:14 | 000,049,176 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013/07/20 20:07:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/20 20:07:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/20 20:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/20 20:07:47 | 3219,193,856 | -HS- | M] () -- C:\hiberfil.sys [2013/07/20 20:06:43 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013/07/20 20:04:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2013/07/20 20:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/20 19:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/13 09:09:38 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/07/12 19:09:19 | 000,007,808 | ---- | M] () -- C:\Users\garysmithafc\AppData\Local\d3d9caps.dat [2013/07/12 19:08:52 | 000,000,199 | ---- | M] () -- C:\Users\garysmithafc\Desktop\bet365 - Online Sports Betting.url [2013/07/12 14:03:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f0041000920.job [2013/07/12 09:14:47 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/07/11 12:45:04 | 000,282,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/07/06 00:06:13 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/07/06 00:06:08 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/07/06 00:06:08 | 
000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/07/06 00:06:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/07/06 00:06:06 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013/07/06 00:06:05 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/07/05 21:43:23 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2013/06/25 13:29:32 | 000,000,031 | -H-- | M] () -- C:\Windows\UKCpInfo.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/16 18:32:14 | 3219,193,856 | -HS- | C] () -- C:\hiberfil.sys [2013/07/12 14:03:50 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f0041000920.job [2013/07/05 21:43:23 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2013/06/25 13:29:32 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys [2013/05/20 16:22:51 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll [2013/05/20 16:22:51 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll [2013/05/20 16:09:59 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll [2013/05/20 16:09:59 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin [2013/05/20 16:09:59 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini [2012/05/24 13:23:28 | 000,000,033 | ---- | C] () -- C:\Windows\System32\machine.ini [2010/07/22 20:39:28 | 000,000,642 | ---- | C] () -- C:\Users\garysmithafc\AppData\Roaming\wklnhst.dat [2010/06/28 00:04:39 | 000,052,942 | ---- | C] () -- C:\Program Files\EULA.eng [2009/11/19 13:36:07 | 000,007,808 | ---- | C] () -- C:\Users\garysmithafc\AppData\Local\d3d9caps.dat [2009/11/18 21:02:09 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/11/18 21:02:08 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/11/18 20:22:47 | 000,029,184 | ---- | C] () -- 
C:\Users\garysmithafc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A2947BEA < End of report > Quote
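A first triage pass over an OTL report like the one above is mostly pattern matching: which search scopes point somewhere the user never chose, which autorun entries are orphaned, and whether the Winlogon and hosts entries still look like a stock Windows install. The script below is an added example written for this page, not OTL's or Malwarebytes' code. The sample lines are copied from the report above (IE search scopes, Firefox default search, O1/O4/O20 entries) and embedded as a constructed string; the allowlist of expected search hosts and the expected Winlogon values are assumptions an analyst would adjust per machine.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import re
from urllib.parse import urlparse

# Search engines the user is expected to have (assumption for this example);
# any other host in an IE search scope or the Firefox default-search URL is reported.
EXPECTED_SEARCH_HOSTS = {
    "www.google.com", "www.bing.com", "uk.search.yahoo.com", "www.flickr.com",
}

# What an unmodified Windows install puts in the Winlogon keys (lower-cased).
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}

# Patterns for the OTL line kinds this triage looks at.
IE_SCOPE = re.compile(r'^IE - .*\\SearchScopes\\\{[0-9A-Fa-f-]+\}: "URL" = (?P<url>\S+)')
FF_DEFAULT = re.compile(r'^FF - prefs\.js\.\.browser\.search\.defaulturl: "(?P<url>[^"]+)"')
O4_RUN = re.compile(r'^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
O20_WINLOGON = re.compile(r'^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\)')
O1_HOSTS = re.compile(r'^O1 - Hosts: (?P<ip>\S+) (?P<name>\S+)')

# Constructed sample: lines copied from the OTL report on this page.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLT&o=15554&src=crm&q={searchTerms}&locale=en_UK
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80150&lng=en
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18827"
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000..\Run: [] File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
"""


def _search_finding(source, url):
    """Report a search URL whose host is not one of the expected engines."""
    host = (urlparse(url).hostname or "").lower()
    if host in EXPECTED_SEARCH_HOSTS:
        return None
    return {"kind": "search-hijack", "item": host or url,
            "reason": f"{source} points at an unexpected search host: {url}"}


def triage(log_text):
    """Return a list of findings (dicts with kind/item/reason) for OTL lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IE_SCOPE.match(line):
            if f := _search_finding("IE search scope", m["url"]):
                findings.append(f)
        elif m := FF_DEFAULT.match(line):
            if f := _search_finding("Firefox default search", m["url"]):
                findings.append(f)
        elif m := O4_RUN.match(line):
            # A nameless entry or one whose target is gone is worth removing:
            # it is either leftover from an uninstall or something hiding its name.
            if m["rest"].endswith("File not found") or not m["name"]:
                findings.append({"kind": "orphaned-autorun",
                                 "item": f"{m['hive']}\\Run [{m['name']}]",
                                 "reason": "autorun with no name or a missing target"})
        elif m := O20_WINLOGON.match(line):
            # Shell/UserInit are classic persistence points; compare to stock values.
            expected = EXPECTED_WINLOGON[m["key"].lower()]
            found = m["value"].strip().rstrip(",").lower()
            if found != expected:
                findings.append({"kind": "winlogon-tamper", "item": m["key"],
                                 "reason": f"expected {expected!r}, found {m['value']!r}"})
        elif m := O1_HOSTS.match(line):
            # Anything beyond the two localhost mappings redirects name resolution.
            if m["name"] != "localhost" or m["ip"] not in ("127.0.0.1", "::1"):
                findings.append({"kind": "hosts-override", "item": m["name"],
                                 "reason": f"hosts file maps {m['name']} to {m['ip']}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['item']}: {f['reason']}")
```

Run against the sample it reports the Ask, Inbox Toolbar and Babylon search hosts and the two orphaned Run entries, and stays quiet on the Google scope, the localhost hosts lines and the stock Winlogon values. The allowlist approach is deliberate: maintaining a list of known-bad toolbar domains never keeps up, whereas a short list of engines the user actually chose makes every other host a review item.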
Slumdog (Author) Posted July 20, 2013

With regards to the wiping of saved user names and passwords, I mean ones I have saved myself to log onto email, bank accounts and basically any site one has to sign up to. And I have to re-install Flash Player EVERY time! Thanks.
etavares Posted July 20, 2013

Try shutting down now... did it do the same thing after running that OTL script?

-etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
Slumdog (Author) Posted July 20, 2013

That seems to have worked (for now!). Thank you.
etavares Posted July 21, 2013

OK, let's wait a bit. Let me know in a day or two if it's still stable or if it's having issues.

-etavares
Slumdog (Author) Posted July 22, 2013

OK, it is fine when I use sleep, hibernate or the power key, but if I use shut down, when it restarts all saved log-ins are gone and I have to sign into everything again. Also, Flash Player has to be re-installed if and when I use shut down.

I have also been prompted to do a Microsoft Security Essentials full scan, which I have attempted four times. The scan freezes after approx. 17 minutes in the same place, which is: C:\Windows\System32\CodeIntegrity\Driver.Stl

I have waited for hours to see if it will proceed but it doesn't. In fact the icon is still showing that it is scanning even though I cancelled the scan five hours ago!
etavares Posted July 23, 2013

Hello, Slumdog. Thanks for the info, that is helpful.

Step 1

I'd like us to scan your machine with ESET OnlineScan.

Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan

1. Click the ESET Online Scanner button.
2. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   - Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
   - Double click on the ESET Smart Installer icon on your desktop.
3. Check the box to accept the terms of use.
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check "Scan archives".
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push "List threats".
10. Push "Export", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
11. Push the Back button.
12. Push Finish.

After the scan, we'll see if it finds anything. This can often be hardware related as well. Have you connected any new devices (keyboard, mouse, printer, network, etc.) when this problem started? Also, when you hit "shutdown", exactly what do you see? "Logging off", then "powering off"? Do you see any errors? Some errors can cause an auto reboot.

etavares
Slumdog (Author) Posted July 23, 2013

When shutting down all it says is 'logging off' then 'shutting down'. The only device I had a problem with was the dongle which moves photos from an Olympus camera to my laptop, but I have been using this for years and think it is a problem with the dongle.

Result of scan, one item:
C:\Program Files\SpeedingUpMyPC\SpeedingUpMyPC.exe a variant of Win32/Adware.SpeedingUpMyPC application cleaned by deleting - quarantined

On the scan I noticed at one stage it scanned something to do with that IObit program I thought I had deleted. Also Agnitum Outpost, which I had problems deleting a while back. Thank you for your help.
Slumdog (Author) Posted July 23, 2013

Getting a bit fed up now with MSE running forever unless I shut down. Microsoft are no help whatsoever.
etavares Posted July 24, 2013

OK, please try this to disable an automatic restart on error: http://pcsupport.about.com/od/windowsvista/ht/arestartvista.htm

Then, please boot and try to Shut Down. Does it fully shut down?

-etavares
Slumdog (Author) Posted July 24, 2013

Yes, it shut down completely AND when I turned it back on, there were no problems. Only had to re-install Flash Player (but I'm kind of getting used to that!).
Slumdog (Author) Posted July 24, 2013

There is one thing maybe I should have mentioned, but I didn't think it had anything to do with the original problem: I keep losing my internet connection and have to disconnect totally (it says local access only) then re-connect. I have to repeat this process up to 10 times before it re-connects. This happens up to 5 times a day. I just thought it was a problem with the router.
etavares Posted July 25, 2013

Hi slumdog,

Good to know. Let's try another process of elimination. Please go to Add/Remove programs and uninstall Adobe Flash Player. Next, follow the instructions from before, but this time CHECK the automatically restart button. Then, shut down.

Does it reboot again? If so, it's a Flash issue we can work on. If not, there's something more serious and it may be related to the connection issues.

-etavares
Slumdog (Author) Posted July 25, 2013

It shut down without a problem. I could only uninstall the Flash Player 11x part, not the "Flash Player 10 Plug in" part; it said "You do not have sufficient access to uninstall Adobe Flash Player 10 Plug In. Please contact your System Administrator".

My parents have also had connection issues from the same router, but not as frequent or prolonged as mine. We are trying to get Sky round here to check the router.
Slumdog (Author) Posted July 25, 2013

Been in touch with Sky. The connection problem is down to them; every time the phone is used or we receive a call, the connection goes.
KenB Posted July 25, 2013

> every time the phone is used or we receive a call, the connection goes.

Have you tried disconnecting the Sky phone connection from the back of the box? My sister checked out my line (she works for BT) when I had Sky and it definitely was a problem. Sky deny this (of course)!!
Slumdog (Author) Posted July 25, 2013

Yeah, thanks KenB. They went through it all over the phone and then decided that we really do need to see an engineer! They (Sky) say it can't be possible, but I am here now, dreading when the phone rings again!!!