[RESOLVED] I Give UP, Help - Page 2


  1. #16
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Is this going to eliminate some of my files or programs?
    No.

  2. #17
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    I don't know what I am doing wrong. I get to the recovery options and select command prompt, and find the flash drive letter is h. Then I type in h:\first64 and get can't find path, so I try it h:\first64.exe, H:\FIRST64 and H:\FIRST64.EXE; it either says invalid or can't find path.
    Can't think of any other formats it should be in. At any rate, I am feeling a little more comfortable doing it. Maybe I will try it in a different USB slot.
    Last edited by imadreamer2; August 14th, 2012 at 05:43 PM.
    imadreamer2

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Did you download Farbar Recovery Scan Tool 64-Bit to your flash drive?

  4. #19
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    Yes, I just did it again to a different flash drive in case. So will give it a try.
    imadreamer2

  5. #20
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    I am supposed to type it in the black command window at the prompt, am I not? It still says not a valid internal or external command and the flashing prompt comes back.

    The only reason I am opening the notepad is to find out what the drive letter is, right? When I open the h flash drive and switch to all files it says FIRST64. I am really confused.
    imadreamer2

  6. #21
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Restart normally.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe


    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  7. #22
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    OTL logfile created on: 8/14/2012 5:39:04 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\imadreamer2\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 70.41% Memory free
    5.50 Gb Paging File | 4.45 Gb Available in Paging File | 81.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 911.88 Gb Total Space | 851.28 Gb Free Space | 93.35% Space Free | Partition Type: NTFS

    Computer Name: IMADREAMER2-PC | User Name: imadreamer2 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/14 17:36:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\imadreamer2\Desktop\OTL.exe
    PRC - [2012/08/12 16:51:55 | 001,697,312 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/03/21 16:05:32 | 002,113,536 | ---- | M] (NCP) -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe
    PRC - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    PRC - [2011/01/26 19:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/01/18 20:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    PRC - [2010/05/04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/12 16:51:55 | 002,049,056 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
    MOD - [2012/08/12 16:51:55 | 001,697,312 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
    MOD - [2011/01/18 20:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    MOD - [2011/01/18 20:08:04 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
    MOD - [2004/07/19 13:06:58 | 000,520,192 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\c4dll.dll
    MOD - [2003/05/28 08:55:30 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\ssleay32.dll
    MOD - [2003/05/28 08:55:28 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\libeay32.dll
    MOD - [2002/09/12 09:29:46 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\zlib.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/08/10 18:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV:64bit: - [2009/08/10 18:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV - [2012/08/12 16:51:55 | 001,697,312 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/01/26 19:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/05/04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/04/13 10:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2012/04/13 10:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2009/07/30 04:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
    IE - HKLM\..\URLSearchHook: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = https://mail.google.com/mail/#inbox
    IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
    IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/#inbox
    IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\URLSearchHook: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110795&tt=120812_bandext_3212_3&babsrc=SP_ss&mntrId=bc23e160000000000000f80f4133d8a9
    IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte-fa-v/search/redirect/?type=default&user_id=052d0d60-eec9-4e2e-9a66-24efa7c7ba0c&query={searchTerms}
    IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)



    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MegaPanel] C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe (NCP)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/def...x.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/F...ansferCtrl.cab (DLC Class)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/isan/def...ploader_v6.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: DhcpNameServer = 97.64.183.164 97.64.209.37
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\22565~1.25\{16CDF~1\BROWSE~1.DLL) - c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/14 17:36:53 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\imadreamer2\Desktop\OTL.exe
    [2012/08/14 13:42:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/14 13:37:40 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/08/13 22:32:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/13 22:32:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/13 22:32:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/13 22:32:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/13 22:32:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/13 22:20:59 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\imadreamer2\Desktop\rkill.exe
    [2012/08/13 22:18:46 | 004,731,875 | R--- | C] (Swearware) -- C:\Users\imadreamer2\Desktop\ComboFix.exe
    [2012/08/13 18:03:29 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\Documents\logs
    [2012/08/13 17:57:09 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\AppData\Roaming\Malwarebytes
    [2012/08/13 17:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/13 17:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/13 17:56:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/13 17:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/13 17:49:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\imadreamer2\Desktop\dds.com
    [2012/08/13 17:48:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\imadreamer2\Desktop\aswMBR.exe
    [2012/08/13 17:47:28 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\imadreamer2\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/13 15:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/08/13 15:05:31 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\AppData\Local\Conduit
    [2012/08/13 15:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper
    [2012/08/13 12:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/08/13 12:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/08/12 17:31:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
    [2012/08/12 17:31:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
    [2012/08/12 16:52:00 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    [2012/08/12 16:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2012/08/12 16:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Playbryte
    [2012/08/06 23:29:36 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\Documents\dreamer2
    [2012/08/06 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\Documents\newlife

    ========== Files - Modified Within 30 Days ==========

    [2012/08/14 17:36:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\imadreamer2\Desktop\OTL.exe
    [2012/08/14 17:21:18 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 17:21:18 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 17:18:21 | 000,729,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/14 17:18:21 | 000,626,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/14 17:18:21 | 000,107,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/14 17:14:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/14 17:14:01 | 2214,092,800 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/14 14:06:24 | 000,000,041 | ---- | M] () -- C:\Users\imadreamer2\AppData\Roaming\mbam.context.scan
    [2012/08/14 13:19:02 | 000,074,796 | ---- | M] () -- C:\Users\imadreamer2\Desktop\COMBOFIX.jpg
    [2012/08/14 13:14:44 | 000,751,238 | ---- | M] () -- C:\Users\imadreamer2\Desktop\COMBOFIX.BMP
    [2012/08/14 12:11:59 | 004,731,875 | R--- | M] (Swearware) -- C:\Users\imadreamer2\Desktop\ComboFix.exe
    [2012/08/13 22:20:59 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\imadreamer2\Desktop\rkill.exe
    [2012/08/13 18:55:42 | 000,000,512 | ---- | M] () -- C:\Users\imadreamer2\Desktop\MBR.dat
    [2012/08/13 17:57:02 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/13 17:49:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\imadreamer2\Desktop\dds.com
    [2012/08/13 17:49:04 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\imadreamer2\Desktop\aswMBR.exe
    [2012/08/13 17:47:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\imadreamer2\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/13 17:46:37 | 000,302,592 | ---- | M] () -- C:\Users\imadreamer2\Desktop\44viy61g.exe
    [2012/08/13 15:05:36 | 000,000,009 | ---- | M] () -- C:\END
    [2012/08/12 16:51:56 | 000,000,319 | ---- | M] () -- C:\user.js
    [2012/08/10 11:55:50 | 003,932,214 | ---- | M] () -- C:\Users\imadreamer2\Desktop\britishkitchen.bmp
    [2012/08/03 21:46:07 | 003,932,214 | ---- | M] () -- C:\Users\imadreamer2\Desktop\summerboardwalk.bmp
    [2012/07/27 11:44:04 | 003,932,214 | ---- | M] () -- C:\Users\imadreamer2\Desktop\moroccanbazaar.bmp

    ========== Files Created - No Company Name ==========

    [2012/08/14 14:06:24 | 000,000,041 | ---- | C] () -- C:\Users\imadreamer2\AppData\Roaming\mbam.context.scan
    [2012/08/14 13:19:01 | 000,074,796 | ---- | C] () -- C:\Users\imadreamer2\Desktop\COMBOFIX.jpg
    [2012/08/14 13:14:44 | 000,751,238 | ---- | C] () -- C:\Users\imadreamer2\Desktop\COMBOFIX.BMP
    [2012/08/13 22:32:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/13 22:32:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/13 22:32:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/13 22:32:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/13 22:32:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/13 18:53:20 | 000,000,512 | ---- | C] () -- C:\Users\imadreamer2\Desktop\MBR.dat
    [2012/08/13 17:57:02 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/13 17:46:37 | 000,302,592 | ---- | C] () -- C:\Users\imadreamer2\Desktop\44viy61g.exe
    [2012/08/13 15:05:36 | 000,000,009 | ---- | C] () -- C:\END
    [2012/08/12 16:51:55 | 000,000,319 | ---- | C] () -- C:\user.js
    [2012/08/10 11:54:55 | 003,932,214 | ---- | C] () -- C:\Users\imadreamer2\Desktop\britishkitchen.bmp
    [2012/08/03 21:44:55 | 003,932,214 | ---- | C] () -- C:\Users\imadreamer2\Desktop\summerboardwalk.bmp
    [2012/07/27 11:40:43 | 003,932,214 | ---- | C] () -- C:\Users\imadreamer2\Desktop\moroccanbazaar.bmp
    [2012/06/16 18:19:27 | 000,007,597 | ---- | C] () -- C:\Users\imadreamer2\AppData\Local\Resmon.ResmonCfg
    [2011/12/13 21:48:21 | 000,000,277 | ---- | C] () -- C:\Windows\CDPlayer.ini
    [2011/12/13 21:44:04 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2011/12/02 23:11:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/12/02 20:17:18 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== LOP Check ==========

    [2011/12/02 19:30:02 | 000,000,000 | ---D | M] -- C:\Users\imadreamer2\AppData\Roaming\OEM
    [2012/05/22 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\imadreamer2\AppData\Roaming\QuickScan
    [2012/08/14 15:43:21 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
    imadreamer2

  8. #23
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    OTL Extras logfile created on: 8/14/2012 5:39:04 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\imadreamer2\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 70.41% Memory free
    5.50 Gb Paging File | 4.45 Gb Available in Paging File | 81.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 911.88 Gb Total Space | 851.28 Gb Free Space | 93.35% Space Free | Partition Type: NTFS

    Computer Name: IMADREAMER2-PC | User Name: imadreamer2 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{041AF936-5F5A-499A-94F3-D68ABA9BC8FC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{C26D490C-8415-4AB5-9C24-81E4C5A99409}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{019D77A2-D4C7-428C-AF19-3EC78F8D0B6E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{13564932-A553-4F85-96F6-45AADCB3D86F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{5C5B7B24-B6C4-44A2-A427-C09A3A7E0D4E}" = protocol=17 | dir=in | app=c:\users\imadreamer2\appdata\local\temp\7zs8719.tmp\symnrt.exe |
    "{7CC31863-3228-4C81-B859-FA55B24A6AC6}" = protocol=6 | dir=in | app=c:\users\imadreamer2\appdata\local\temp\7zs8719.tmp\symnrt.exe |
    "{FD2560CE-0FED-4C36-BB4B-81097E33DEFB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
    "88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines" = WildTangent Games App (eMachines Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7CEB5AC4-B6F8-414C-845D-4295C125D17B}" = NCP Internet Transporter
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{92BF38A8-5616-4209-87A3-D910B45A1D98}" = Internet Transporter - NCP Link
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "eMachines Registration" = eMachines Registration
    "eMachines Screensaver" = eMachines ScreenSaver
    "eMachines Welcome Center" = Welcome Center
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.00
    "FastStone Image Viewer" = FastStone Image Viewer 3.9
    "Hotkey Utility" = Hotkey Utility
    "Identity Card" = Identity Card
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "InternetHelper Toolbar" = InternetHelper Toolbar
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Playbryte" = PlayBryte
    "WildTangent emachines Master Uninstall" = eMachines Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-158ecb07-af1f-4154-945c-f55e8753594a" = Diner Dash 2 Restaurant Rescue
    "WTA-1e124f45-4a26-4110-b585-386fd2ae838c" = Chuzzle Deluxe
    "WTA-250d5df5-f9c9-4392-ac95-4eec22065b60" = Polar Golfer
    "WTA-32027e4b-8c77-419b-8fd7-a00fc16c4970" = Mystery P.I. - Stolen in San Francisco
    "WTA-3e68c486-2b12-4621-b895-7ff22f76822e" = Zuma's Revenge
    "WTA-4f5994d4-bbbc-4edc-a51d-cf82c42e5512" = Namco All-Stars: PAC-MAN
    "WTA-521f32fa-bff7-4c17-a1d4-46b00c455492" = Final Drive: Nitro
    "WTA-6ea43851-b76a-4a67-96bb-74befd6f5e37" = Virtual Villagers 4 - The Tree of Life
    "WTA-768068bd-1737-4f7f-903d-89d17e5d8966" = Agatha Christie - 4:50 from Paddington
    "WTA-77bbea84-266a-4961-8e82-9b61364f9187" = Polar Bowler
    "WTA-77ffc180-bcf0-47f0-93fb-bac31c594c34" = Penguins!
    "WTA-b25efcad-5df3-4e04-bcbe-22b033b74a4d" = Bejeweled 2 Deluxe
    "WTA-b6a08641-2f6e-46ed-8c59-98e4afa84f28" = Build-a-lot 2
    "WTA-c2ce25f8-7b61-4ad2-86aa-8b3ed43e5b56" = Plants vs. Zombies - Game of the Year
    "WTA-e1731df3-54af-4258-a524-b84de8730535" = Torchlight
    "WTA-e1c5e512-3740-44c9-9a22-f4f5833ce4b5" = Dora's World Adventure
    "WTA-f0367f16-a17a-4865-8a54-b67282e5dfdb" = Poker Superstars III
    "WTA-f3fad5ba-7455-4348-9441-e20c6ba26213" = Jewel Quest Heritage
    "Zylom Games Player Plugin" = Zylom Games Player Plugin

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/19/2012 2:44:23 PM | Computer Name = imadreamer2-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/19/2012 3:39:00 PM | Computer Name = imadreamer2-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/20/2012 2:15:09 PM | Computer Name = imadreamer2-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/20/2012 3:11:25 PM | Computer Name = imadreamer2-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/20/2012 8:05:00 PM | Computer Name = imadreamer2-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: adc Start
    Time: 01cd66c6c94192c0 Termination Time: 40 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: a24fc459-d2c7-11e1-89df-f80f4133d8a9

    Error - 7/20/2012 8:08:13 PM | Computer Name = imadreamer2-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/20/2012 8:14:03 PM | Computer Name = imadreamer2-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/21/2012 4:02:25 PM | Computer Name = imadreamer2-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/21/2012 4:39:48 PM | Computer Name = imadreamer2-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/21/2012 6:55:30 PM | Computer Name = imadreamer2-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: fa4 Start
    Time: 01cd677e1fb59310 Termination Time: 76 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: 27f06469-d387-11e1-8a1f-f80f4133d8a9

    [ Media Center Events ]
    Error - 1/23/2012 11:51:59 AM | Computer Name = imadreamer2-PC | Source = MCUpdate | ID = 0
    Description = 9:51:55 AM - Error connecting to the internet. 9:51:55 AM - Unable
    to contact server..

    [ System Events ]
    Error - 4/27/2012 10:26:02 PM | Computer Name = imadreamer2-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR3.

    Error - 5/10/2012 2:13:52 AM | Computer Name = imadreamer2-PC | Source = DCOM | ID = 10005
    Description =

    Error - 5/10/2012 2:13:52 AM | Computer Name = imadreamer2-PC | Source = Service Control Manager | ID = 7038
    Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
    with the currently configured password due to the following error: %%50 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 5/10/2012 2:13:52 AM | Computer Name = imadreamer2-PC | Source = Service Control Manager | ID = 7000
    Description = The UPnP Device Host service failed to start due to the following
    error: %%1069

    Error - 5/18/2012 8:54:29 PM | Computer Name = imadreamer2-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.127.171.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 5/23/2012 6:59:58 PM | Computer Name = imadreamer2-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.127.435.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 5/30/2012 6:25:27 PM | Computer Name = imadreamer2-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.127.1045.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 6/3/2012 6:17:15 PM | Computer Name = imadreamer2-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.127.1246.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 6/16/2012 7:55:59 PM | Computer Name = imadreamer2-PC | Source = Service Control Manager | ID = 7034
    Description = The GREGService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 6/17/2012 2:19:52 AM | Computer Name = imadreamer2-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Time service terminated with the following error: %%1115


    < End of report >
    imadreamer2

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110795&tt=120812_bandext_3212_3&babsrc=SP_ss&mntrId=bc23e160000000000000f80f4133d8a9
      IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte-fa-v/search/redirect/?type=default&user_id=052d0d60-eec9-4e2e-9a66-24efa7c7ba0c&query={searchTerms}
      O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
      IE - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\URLSearchHook: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
      O2 - BHO: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-346495979-3667132970-1202339365-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.



    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.


    ==================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.



    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:

      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.




    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.




    4. Please run a free online scan with the ESET Online Scanner


    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.

  10. #25
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-346495979-3667132970-1202339365-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_USERS\S-1-5-21-346495979-3667132970-1202339365-1000\Software\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-346495979-3667132970-1202339365-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9d0f7eb2-452d-4766-b535-8d23e36c300e} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d0f7eb2-452d-4766-b535-8d23e36c300e}\ deleted successfully.
    C:\Program Files (x86)\InternetHelper\prxtbInte.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d0f7eb2-452d-4766-b535-8d23e36c300e}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d0f7eb2-452d-4766-b535-8d23e36c300e}\ not found.
    File C:\Program Files (x86)\InternetHelper\prxtbInte.dll not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9d0f7eb2-452d-4766-b535-8d23e36c300e} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d0f7eb2-452d-4766-b535-8d23e36c300e}\ not found.
    File C:\Program Files (x86)\InternetHelper\prxtbInte.dll not found.
    Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-346495979-3667132970-1202339365-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: imadreamer2
    ->Temp folder emptied: 3639 bytes
    ->Temporary Internet Files folder emptied: 270397371 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 5044181 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 26080 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 263.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: imadreamer2
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: imadreamer2
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.57.0 log created on 08142012_184924

    Files\Folders moved on Reboot...
    C:\Users\imadreamer2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\imadreamer2\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
    imadreamer2

  11. #26
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    JavaFX 2.1.1
    Java(TM) 7 Update 5
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
    imadreamer2

  12. #27
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    Farbar Service Scanner Version: 06-08-2012
    Ran by imadreamer2 (administrator) on 14-08-2012 at 19:11:34
    Running from "C:\Users\imadreamer2\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
    imadreamer2

  13. #28
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    eset results.jpg

    Done, no threats found.
    imadreamer2

  14. #29
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    I don't believe this, after all that IE is still dragging. But when I look at Manage Add-ons under the toolbar it shows

    under search providers Babylon as default, although it does say not available. That makes no sense.

    Plus under accelerators it shows Map with Bing disabled,
    Translate with Bing disabled.

    I did have them disabled, but I thought Bing was a search provider.
    imadreamer2

  15. #30
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    dupe...
    Last edited by Broni; August 15th, 2012 at 12:57 PM.
    imadreamer2
