-
FBI After You!
Hi Broni: It looks like we are back to square one. I apologize for all the time it is taking to clean up that PC.
I ran the FARBAR SCAN, and I am posting the Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2013
Ran by SYSTEM at 11-04-2013 17:02:54
Running from E:\
Windows Vista (TM) Home Basic (X86) OS Language: English(US)
The current controlset is ControlSet002
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKU\graceport\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-03-06] (Google Inc.)
HKU\graceport\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Services (Whitelisted) ===================
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-12-19] (SUPERAntiSpyware.com)
2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
4 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [808704 2011-08-20] (Acronis)
2 AERTFilters; C:\Windows\System32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3409872 2012-09-05] (Acronis)
2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [136360 2011-03-28] (Avira GmbH)
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [269480 2011-06-28] (Avira GmbH)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-11-01] (Google)
2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2003-02-27] (Lexmark International, Inc.)
4 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3289208 2013-03-19] (Skype Technologies S.A.)
2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.)
2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-23] (Syntek America Inc.)
2 syncagentsrv; "C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5729328 2011-08-20] (Acronis)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.)
3 WLSetupSvc; "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" [266240 2007-10-25] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-06-28] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-06-28] (Avira GmbH)
3 Eplpdx02; \??\C:\Windows\system32\Drivers\EPLPDX02.SYS [70084 2001-08-09] (MK Systems CO., LTD.)
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-06] ()
3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-12-11] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-26] (Syntek America Inc.)
3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-01] (Syntek America Inc.)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [766208 2012-09-05] (Acronis)
3 UsbFltr; C:\Windows\System32\Drivers\UsbFltr.sys [9600 2007-04-09] (Waytech Development, Inc.)
0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126112 2012-09-05] (Acronis)
0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [84512 2012-09-05] (Acronis)
3 XIRLINK; C:\Windows\System32\DRIVERS\C-itnt.sys [453475 1999-11-13] (Xirlink, Inc)
3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [402432 2005-10-27] (ZyDAS Technology Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\GRACEP~1\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
4 LMIRfsClientNP; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
3 ZDPSp60; C:\Windows\System32\Drivers\ZDPSp60.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-04-10 07:50 - 2013-04-10 07:50 - 00018461 ____A C:\ComboFix.txt
2013-04-10 07:31 - 2013-04-10 07:50 - 00000000 ____D C:\Qoobox
2013-04-10 07:31 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-04-10 07:31 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-04-10 07:31 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-04-10 07:31 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-04-10 07:31 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-04-10 07:31 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-04-10 07:31 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-04-10 07:31 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-04-10 07:30 - 2013-04-10 07:30 - 05050592 ____R (Swearware) C:\Users\graceport\Desktop\ComboFix.exe
2013-04-07 05:47 - 2013-04-07 05:47 - 00000104 ____A C:\Users\graceport\Computer - Shortcut.lnk
2013-04-05 08:22 - 2013-04-05 08:22 - 00002100 ____A C:\Users\graceport\Desktop\RKreport[2]_D_04052013_02d1222.txt
2013-04-05 08:18 - 2013-04-05 08:18 - 00002045 ____A C:\Users\graceport\Desktop\RKreport[1]_S_04052013_02d1218.txt
2013-04-05 08:15 - 2013-04-05 08:21 - 00000000 ____D C:\Users\graceport\Desktop\RK_Quarantine
2013-04-05 08:13 - 2013-04-05 08:15 - 00000000 ____D C:\Malwarebytes AntiRoot Kit
2013-04-05 08:12 - 2013-04-05 08:12 - 12894739 ____A C:\Users\graceport\Desktop\mbar-1.01.0.1022.zip
2013-04-05 08:12 - 2013-04-05 08:12 - 00816128 ____A C:\Users\graceport\Desktop\RogueKiller.exe
2013-04-04 12:40 - 2013-04-04 12:40 - 00000000 ____D C:\New Folder
2013-04-04 12:26 - 2013-04-04 12:26 - 04745728 ____A (AVAST Software) C:\Users\graceport\Desktop\aswMBR.exe
2013-04-04 12:19 - 2013-04-04 12:19 - 00688992 ____R (Swearware) C:\Users\graceport\Desktop\dds.scr
2013-03-31 10:32 - 2013-04-04 12:40 - 00000000 ____D C:\Info for Virtual Dr
2013-03-27 13:50 - 2013-03-27 13:50 - 00000000 ____D C:\FRST
2013-03-26 08:00 - 2013-03-27 13:43 - 00000000 ____A C:\Users\graceport\AppData\Roaming\skype.ini
2013-03-22 15:26 - 2013-03-22 15:26 - 00002075 ____A C:\Users\Public\Desktop\Google Earth.lnk
2013-03-21 09:06 - 2013-03-22 06:40 - 00000000 ____D C:\GE Remote Control RC 24977
2013-03-21 08:54 - 2013-01-03 17:38 - 02048512 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-03-21 08:51 - 2013-01-04 21:26 - 03602808 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-03-21 08:51 - 2013-01-04 21:26 - 03550072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-03-21 08:51 - 2013-01-04 03:28 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-21 08:51 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-03-21 08:51 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-03-21 08:51 - 2012-11-07 19:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-03-21 08:51 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-03-21 07:58 - 2013-02-11 17:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2013-03-21 07:58 - 2013-02-11 17:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-19 08:32 - 2013-03-19 08:33 - 00000000 ____D C:\ADOBE READER 11
2013-03-18 08:15 - 2013-03-18 08:17 - 00000000 ____D C:\Alfredo Sadel Romanticas MP3
2013-03-18 07:29 - 2013-03-18 07:47 - 00000000 ___RD C:\Alfredo Sadel Romanticas
2013-03-18 05:53 - 2013-03-18 07:34 - 00000000 ____D C:\Users\graceport\AppData\Roaming\ConverterLite
2013-03-18 05:53 - 2013-03-18 05:53 - 00001734 ____A C:\Users\Public\Desktop\ConverterLite.lnk
2013-03-18 05:53 - 2013-03-18 05:53 - 00000000 ____D C:\Program Files\ConverterLite
2013-03-18 05:52 - 2013-03-18 05:52 - 00000000 ____D C:\ProgramData\APN
2013-03-17 15:47 - 2013-03-19 08:33 - 00000000 ____D C:\TomTom GPS FIX
2013-03-17 12:24 - 2013-03-17 12:24 - 00000000 ____D C:\Foto Tio Victor y Guillermo
2013-03-15 11:50 - 2013-03-15 11:51 - 00000000 ____D C:\Padre Palmar y Chavez
2013-03-15 11:06 - 2013-03-15 11:06 - 00000000 ____D C:\Users\graceport\AppData\Local\HP
2013-03-15 04:34 - 2013-03-15 04:34 - 04758445 ____A C:\Users\graceport\Downloads\Nem-1.wmv
2013-03-15 04:32 - 2013-03-15 04:33 - 00000000 ____D C:\Lina Maria Perros
2013-03-14 10:29 - 2013-03-14 10:29 - 00001178 ____A C:\Users\Public\Desktop\HP Solution Center.lnk
2013-03-14 10:29 - 2013-03-14 10:29 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-03-14 10:25 - 2013-03-14 10:25 - 00000000 ____D C:\Windows\hpoj4500g510n-z
2013-03-14 10:24 - 2009-05-26 09:32 - 00716288 ____A (Hewlett-Packard) C:\Windows\System32\hpwwiax9.dll
2013-03-14 10:24 - 2009-05-26 09:32 - 00593920 ____A (Hewlett-Packard Co.) C:\Windows\System32\hpwtscl5.dll
2013-03-14 10:24 - 2009-05-26 09:32 - 00315392 ____A (Hewlett-Packard Co.) C:\Windows\System32\hpwvst01.dll
2013-03-14 10:24 - 2009-05-21 05:14 - 00452408 ____A (Hewlett-Packard) C:\Windows\System32\hpzids01.dll
2013-03-14 10:24 - 2009-05-18 13:49 - 00372736 ____A (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll
2013-03-14 10:23 - 2009-06-08 21:43 - 00122880 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l092.dll
2013-03-14 10:21 - 2013-03-14 10:33 - 00207143 ____A C:\Windows\hpwins28.dat
2013-03-13 16:51 - 2013-03-13 16:58 - 00000000 ____D C:\Alfredo Sadel
2013-03-13 13:35 - 2013-03-13 13:58 - 00000000 ____D C:\DVD Converters
2013-03-13 13:28 - 2013-03-13 13:28 - 00000000 ____D C:\Codec Identifier
2013-03-13 06:09 - 2013-02-28 09:41 - 06011392 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-13 06:09 - 2013-02-27 18:49 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-13 06:09 - 2013-02-02 01:18 - 00916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-13 06:09 - 2013-02-02 01:17 - 01212928 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-13 06:09 - 2013-02-02 01:17 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-13 06:09 - 2013-02-02 01:15 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-03-13 06:09 - 2013-02-02 01:13 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-13 06:09 - 2013-02-02 01:13 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-03-13 06:09 - 2013-02-02 01:13 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-13 06:09 - 2013-02-02 01:13 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-03-13 06:09 - 2013-02-02 01:12 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-13 06:09 - 2013-02-02 01:12 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-03-13 06:09 - 2013-02-02 01:12 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-13 06:09 - 2013-02-02 01:11 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-13 06:09 - 2013-02-02 01:11 - 02004992 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-13 06:09 - 2013-02-02 01:11 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-03-13 06:09 - 2013-02-02 01:11 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-03-13 06:09 - 2013-02-02 01:11 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-13 06:09 - 2013-02-02 01:11 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-03-13 06:09 - 2013-02-02 01:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-03-13 06:09 - 2013-02-02 01:11 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-03-13 06:09 - 2013-02-01 23:37 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-03-13 06:09 - 2013-02-01 21:52 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-03-13 06:09 - 2013-02-01 21:52 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-13 06:09 - 2013-02-01 21:51 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-03-13 06:04 - 2013-03-13 06:11 - 00000000 ____D C:\PER 9
2013-03-13 06:03 - 2013-03-13 06:03 - 00000000 ____D C:\Users\graceport\Documents\PER 8
==================== One Month Modified Files and Folders ========
2013-04-10 08:37 - 2010-02-28 08:38 - 01550055 ____A C:\Windows\WindowsUpdate.log
2013-04-10 08:34 - 2006-11-02 04:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-10 08:34 - 2006-11-02 04:45 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-10 08:34 - 2006-11-02 04:45 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-10 08:18 - 2012-12-26 12:56 - 00007570 ____A C:\Windows\PFRO.log
2013-04-10 07:57 - 2008-08-03 10:48 - 00002609 ____A C:\Users\graceport\Desktop\Word.lnk
2013-04-10 07:50 - 2013-04-10 07:50 - 00018461 ____A C:\ComboFix.txt
2013-04-10 07:50 - 2013-04-10 07:31 - 00000000 ____D C:\Qoobox
2013-04-10 07:48 - 2009-11-19 16:52 - 00000000 ____D C:\Users\graceport\AppData\Local\Apps\2.0
2013-04-10 07:46 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2013-04-10 07:37 - 2012-04-04 06:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-10 07:30 - 2013-04-10 07:30 - 05050592 ____R (Swearware) C:\Users\graceport\Desktop\ComboFix.exe
2013-04-10 07:26 - 2012-03-02 09:21 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-10 07:26 - 2008-12-30 06:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-10 07:23 - 2010-01-30 10:29 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-10 06:57 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-10 06:49 - 2011-05-27 09:48 - 00000320 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-04-10 06:49 - 2010-01-30 10:29 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-10 06:49 - 2008-08-01 06:00 - 00000000 ____D C:\ProgramData\LogMeIn
2013-04-09 06:56 - 2006-11-02 04:58 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-09 06:23 - 2011-03-07 16:47 - 00020992 ____A C:\Users\graceport\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-09 06:21 - 2009-04-19 14:55 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2013-04-08 16:32 - 2009-02-06 14:55 - 00000000 ___RD C:\Program Files\Skype
2013-04-08 16:32 - 2009-02-06 14:55 - 00000000 ____D C:\ProgramData\Skype
2013-04-07 05:47 - 2013-04-07 05:47 - 00000104 ____A C:\Users\graceport\Computer - Shortcut.lnk
2013-04-07 05:47 - 2008-03-13 13:06 - 00000000 ____D C:\Users\graceport\Desktop\Miscellaneous
2013-04-07 05:47 - 2008-03-12 21:56 - 00000000 ____D C:\users\graceport
2013-04-05 08:22 - 2013-04-05 08:22 - 00002100 ____A C:\Users\graceport\Desktop\RKreport[2]_D_04052013_02d1222.txt
2013-04-05 08:21 - 2013-04-05 08:15 - 00000000 ____D C:\Users\graceport\Desktop\RK_Quarantine
2013-04-05 08:18 - 2013-04-05 08:18 - 00002045 ____A C:\Users\graceport\Desktop\RKreport[1]_S_04052013_02d1218.txt
2013-04-05 08:15 - 2013-04-05 08:13 - 00000000 ____D C:\Malwarebytes AntiRoot Kit
2013-04-05 08:12 - 2013-04-05 08:12 - 12894739 ____A C:\Users\graceport\Desktop\mbar-1.01.0.1022.zip
2013-04-05 08:12 - 2013-04-05 08:12 - 00816128 ____A C:\Users\graceport\Desktop\RogueKiller.exe
2013-04-04 12:40 - 2013-04-04 12:40 - 00000000 ____D C:\New Folder
2013-04-04 12:40 - 2013-03-31 10:32 - 00000000 ____D C:\Info for Virtual Dr
2013-04-04 12:29 - 2011-09-15 07:14 - 00003329 ____A C:\Users\graceport\Documents\aswMBR.txt
2013-04-04 12:29 - 2011-09-15 07:14 - 00000512 ____A C:\Users\graceport\Documents\MBR.dat
2013-04-04 12:26 - 2013-04-04 12:26 - 04745728 ____A (AVAST Software) C:\Users\graceport\Desktop\aswMBR.exe
2013-04-04 12:19 - 2013-04-04 12:19 - 00688992 ____R (Swearware) C:\Users\graceport\Desktop\dds.scr
2013-04-04 10:50 - 2008-12-30 06:40 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-31 10:52 - 2008-03-14 08:40 - 00000000 ____D C:\Windows\PCHEALTH
2013-03-27 13:50 - 2013-03-27 13:50 - 00000000 ____D C:\FRST
2013-03-27 13:43 - 2013-03-26 08:00 - 00000000 ____A C:\Users\graceport\AppData\Roaming\skype.ini
2013-03-26 07:47 - 2008-03-14 08:41 - 00002609 ____A C:\Users\graceport\Desktop\Microsoft Office Word 2003.lnk
2013-03-26 06:31 - 2008-03-13 13:36 - 00000000 ____D C:\MDT
2013-03-26 06:17 - 2009-04-25 10:54 - 00000000 ____D C:\Users\graceport\AppData\Roaming\dvdcss
2013-03-25 07:58 - 2013-02-04 19:50 - 00002521 ____A C:\Windows\setupact.log
2013-03-22 15:26 - 2013-03-22 15:26 - 00002075 ____A C:\Users\Public\Desktop\Google Earth.lnk
2013-03-22 15:25 - 2008-03-06 06:46 - 00000000 ____D C:\Program Files\Google
2013-03-22 06:40 - 2013-03-21 09:06 - 00000000 ____D C:\GE Remote Control RC 24977
2013-03-21 15:18 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-03-21 09:21 - 2006-11-02 04:44 - 00453888 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-21 09:06 - 2006-11-02 02:23 - 00000289 ____A C:\Windows\win.ini
2013-03-21 08:30 - 2010-10-02 09:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-20 08:17 - 2008-03-06 06:42 - 00000000 ____D C:\ProgramData\Roxio
2013-03-19 08:36 - 2008-05-01 08:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-03-19 08:35 - 2008-03-06 06:45 - 00000000 ____D C:\ProgramData\Adobe
2013-03-19 08:34 - 2008-05-01 08:20 - 00000000 ____D C:\Program Files\Adobe
2013-03-19 08:33 - 2013-03-19 08:32 - 00000000 ____D C:\ADOBE READER 11
2013-03-19 08:33 - 2013-03-17 15:47 - 00000000 ____D C:\TomTom GPS FIX
2013-03-18 20:04 - 2009-02-06 14:55 - 00000000 ____D C:\Users\graceport\AppData\Roaming\Skype
2013-03-18 08:17 - 2013-03-18 08:15 - 00000000 ____D C:\Alfredo Sadel Romanticas MP3
2013-03-18 07:47 - 2013-03-18 07:29 - 00000000 ___RD C:\Alfredo Sadel Romanticas
2013-03-18 07:34 - 2013-03-18 05:53 - 00000000 ____D C:\Users\graceport\AppData\Roaming\ConverterLite
2013-03-18 05:53 - 2013-03-18 05:53 - 00001734 ____A C:\Users\Public\Desktop\ConverterLite.lnk
2013-03-18 05:53 - 2013-03-18 05:53 - 00000000 ____D C:\Program Files\ConverterLite
2013-03-18 05:52 - 2013-03-18 05:52 - 00000000 ____D C:\ProgramData\APN
2013-03-17 12:24 - 2013-03-17 12:24 - 00000000 ____D C:\Foto Tio Victor y Guillermo
2013-03-15 11:51 - 2013-03-15 11:50 - 00000000 ____D C:\Padre Palmar y Chavez
2013-03-15 11:30 - 2006-11-02 04:35 - 00000000 ____D C:\Windows\twain_32
2013-03-15 11:06 - 2013-03-15 11:06 - 00000000 ____D C:\Users\graceport\AppData\Local\HP
2013-03-15 11:06 - 2008-11-22 17:15 - 00000000 ____D C:\Users\graceport\AppData\Roaming\HP
2013-03-15 04:34 - 2013-03-15 04:34 - 04758445 ____A C:\Users\graceport\Downloads\Nem-1.wmv
2013-03-15 04:33 - 2013-03-15 04:32 - 00000000 ____D C:\Lina Maria Perros
2013-03-14 11:10 - 2011-03-01 10:08 - 00141712 ____A C:\Users\graceport\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-14 11:10 - 2008-11-22 17:16 - 00003196 ____A C:\ProgramData\hpzinstall.log
2013-03-14 10:57 - 2008-11-22 17:55 - 00000000 ____D C:\ProgramData\HP
2013-03-14 10:33 - 2013-03-14 10:21 - 00207143 ____A C:\Windows\hpwins28.dat
2013-03-14 10:31 - 2008-11-22 17:21 - 00000000 ____D C:\Program Files\HP
2013-03-14 10:29 - 2013-03-14 10:29 - 00001178 ____A C:\Users\Public\Desktop\HP Solution Center.lnk
2013-03-14 10:29 - 2013-03-14 10:29 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-03-14 10:25 - 2013-03-14 10:25 - 00000000 ____D C:\Windows\hpoj4500g510n-z
2013-03-13 16:58 - 2013-03-13 16:51 - 00000000 ____D C:\Alfredo Sadel
2013-03-13 13:58 - 2013-03-13 13:35 - 00000000 ____D C:\DVD Converters
2013-03-13 13:28 - 2013-03-13 13:28 - 00000000 ____D C:\Codec Identifier
2013-03-13 06:37 - 2012-04-04 06:10 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-03-13 06:37 - 2011-09-10 09:51 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-03-13 06:11 - 2013-03-13 06:04 - 00000000 ____D C:\PER 9
2013-03-13 06:03 - 2013-03-13 06:03 - 00000000 ____D C:\Users\graceport\Documents\PER 8
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-13 06:40] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-03-03 09:27:33
Restore point made on: 2013-03-03 10:36:32
Restore point made on: 2013-03-07 07:57:05
Restore point made on: 2013-03-07 07:58:34
Restore point made on: 2013-03-08 08:53:27
Restore point made on: 2013-03-12 04:45:43
Restore point made on: 2013-03-13 11:53:01
Restore point made on: 2013-03-14 10:19:20
Restore point made on: 2013-03-14 10:23:35
Restore point made on: 2013-03-16 07:00:37
Restore point made on: 2013-03-19 08:07:45
Restore point made on: 2013-03-19 08:09:36
Restore point made on: 2013-03-19 08:34:06
Restore point made on: 2013-03-19 16:29:46
Restore point made on: 2013-03-19 17:53:59
Restore point made on: 2013-03-19 18:43:30
Restore point made on: 2013-03-21 08:12:16
Restore point made on: 2013-03-21 08:58:31
Restore point made on: 2013-03-25 08:29:44
Restore point made on: 2013-03-26 07:00:43
Restore point made on: 2013-03-31 10:47:22
Restore point made on: 2013-04-04 12:29:36
Restore point made on: 2013-04-10 07:02:04
Restore point made on: 2013-04-10 07:16:48
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 2036.56 MB
Available physical RAM: 1741.89 MB
Total Pagefile: 1968.46 MB
Available Pagefile: 1821.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.35 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:107.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:0.28 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 1550 KB
Disk 1 Online 986 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 10 GB 48 MB
Partition 3 Primary 223 GB 10 GB
=========================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 47 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 X RECOVERY NTFS Partition 10 GB Healthy Boot
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 223 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 986 MB 426 KB
=========================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT Removable 986 MB Healthy
=========================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: 08000000
Partition 1:
=========
Hex: 00010100DEFE3F053F00000047780100
Active: NO
Type: DE
Size: 47 MB
Partition 2:
=========
Hex: 001E190607FEFFFF0080010000004001
Active: NO
Type: 07 (NTFS)
Size: 10 GB
Partition 3:
=========
Hex: 80FEFFFF07FEFFFF008041010008D91B
Active: YES
Type: 07 (NTFS)
Size: 223 GB
==============================
Partitions of Disk 1:
===============
Disk ID: 5B76F3BA
Partition 1:
=========
Hex: 000D22000614F4E954030000ACCC1E00
Active: NO
Type: 06
Size: 986 MB
Last Boot: 2013-04-10 06:57
==================== End Of Log =
Thanks Again!
-
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
See if you can boot normally.
-
FBI After You!
Hi Broni: Ran fixlist.txt as per your instructions, and I am posting the Log.
After running fixlist, I tried to boot up, and this is what happened.
At boot up, a screen appeared with two choices: 1) Run repairs, 2) Start Windows normally.
I chose the first time to start Windows normally. It took me back to the black screen and the mouse cursor like before.
I tried again, and this time I chose Repairs. The process started, and after a while a screen appeared with the choice of Restore System to a previous restore point. I chose this, and after a few minutes the computer booted up normally, and that is where I am at this time, waiting for the next step.
In the meantime, I am saving most of my important information (Documents, Pictures, etc.) onto an external hard drive just in case.
Again, my most sincere thanks for your assistance!
Here is the Log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-04-2013
Ran by SYSTEM at 2013-04-13 20:06:25 Run:2
Running from E:\
==============================================
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
==== End of Fixlog ====
-
Good news :)
Re-run MBAM, RogueKiller and MBAR.
-
Thanks, I will do that, and post logs as soon as I finish with them!
Take Care!
-
FBI After You!
Hi Broni: Ran the 3 programs, and I am posting the Logs. Thanks again!
1) MalwareBytes
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.16.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19401
graceport :: MECHE [administrator]
4/16/2013 11:24:59 AM
mbam-log-2013-04-16 (11-24-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222617
Time elapsed: 8 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
2) MalwareBytesAntiRootKit
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 8.0.6001.19401
Java version: 1.6.0_27
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 2135375872, free: 1025904640
------------ Kernel report ------------
04/16/2013 11:44:51
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\DRIVERS\vsflt58.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpman.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\UsbFltr.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\LVPr2Mon.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86b48ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85e0b528
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.16.07
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86b48ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86b487b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86b48ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86a45a98, DeviceName: Unknown, DriverName: \Driver\vidsflt58\
DevicePointer: 0xffffffff85e06918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85e0b528, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffbb3067e8, 0xffffffff86b48ac8, 0xffffffff8595f128
Lower DeviceData: 0xffffffffbc242770, 0xffffffff85e0b528, 0xffffffff85d6cde8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8000000
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 98304 Numsec = 20971520
Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 21069824 Numsec = 467208192
Partition file system is NTFS
Partition is bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250000000000 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
3) RogueKiller
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : graceport [Admin rights]
Mode : Remove -- Date : 04/16/2013 12:05:17
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82E32D75 -> HOOKED (Unknown @ 0x8979C9A6)
SSDT[289] : NtSetContextThread @ 0x82E9403F -> HOOKED (Unknown @ 0x8979C9AB)
SSDT[334] : NtTerminateProcess @ 0x82DF20D3 -> HOOKED (Unknown @ 0x8979C947)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8979C9B0)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8979C9B5)
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 2810f80b0d308030f29a2f75f3dcdcae
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_04162013_02d1205.txt >>
RKreport[1]_S_04162013_02d1204.txt ; RKreport[2]_D_04162013_02d1205.txt
Thanks!
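The MBAR "Inspecting partition table" block and the RogueKiller "MBR Check" above are both reading the same 512-byte sector 0. The following is an added example, not code from either tool: it parses a classic MBR the way those steps do (boot signature, disk signature, four 16-byte entries), hashes the sector like RogueKiller's [MBR] line, and lists the sector ranges no partition covers, which is where MBAR's "unpartitioned space" scan looks for bootkit code. The sector bytes are constructed to reproduce the partition layout in the logs; the two bytes of boot code and the partition-type names are assumptions, so the MD5 will not match the one in the report.

```python
"""Parse a 512-byte MBR the way the 'Inspecting partition table' step above
does, hash it like RogueKiller's [MBR] line, and list the unpartitioned
sector ranges a bootkit could hide in.

Added example, not code from any tool on this page; the sector bytes are
constructed to reproduce the partition layout shown in the logs."""
from __future__ import annotations

import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE
DISK_SIG_OFFSET = 0x1B8
BOOT_SIG_OFFSET = 0x1FE

# Names for the partition-type bytes that occur in this log. MBAR prints 0xde
# as "Other" and RogueKiller as DELL-UTIL; 0x07 is NTFS/HPFS/exFAT.
TYPE_NAMES = {0x00: "Empty", 0x07: "NTFS", 0xDE: "Dell utility"}


def build_sample_mbr() -> bytes:
    """Constructed sector: disk signature 0x08000000 and the four entries
    shown in the MBAR log (active flag, type, start LBA, sector count)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:2] = b"\x33\xC0"  # XOR AX,AX: a token of boot code, not the real Vista loader
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x08000000)
    entries = [(0x00, 0xDE, 63, 96327),
               (0x00, 0x07, 98304, 20971520),
               (0x80, 0x07, 21069824, 467208192),
               (0x00, 0x00, 0, 0)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        # CHS fields are left zeroed; modern tools read only the LBA fields.
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i,
                         status, ptype, lba, count)
    struct.pack_into("<H", sector, BOOT_SIG_OFFSET, 0xAA55)  # bytes 55 AA on disk
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Return disk signature, partition entries and the sector's MD5.
    Raises ValueError when the boot signature is missing, which is the first
    thing to check before trusting anything else in the sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if struct.unpack_from("<H", sector, BOOT_SIG_OFFSET)[0] != 0xAA55:
        raise ValueError("MBR boot signature 55AA not found")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        partitions.append({
            "index": i,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "Unknown"),
            "active": status == 0x80,
            "start_lba": lba,
            "num_sectors": count,
        })
    return {
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
        "md5": hashlib.md5(sector).hexdigest(),
    }


def unpartitioned_ranges(partitions: list[dict], total_sectors: int) -> list[tuple[int, int]]:
    """Inclusive LBA ranges no partition covers, excluding sector 0 (the MBR).
    The gap between the MBR and the first partition is the classic bootkit
    hiding place, which is why the tool scans it separately."""
    used = sorted((p["start_lba"], p["start_lba"] + p["num_sectors"] - 1)
                  for p in partitions if p["num_sectors"])
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end + 1)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return gaps


def format_report(parsed: dict) -> list[str]:
    """Lines in the style of the MBAR 'Inspecting partition table' block."""
    lines = [f"Disk Signature: {parsed['disk_signature']:X}"]
    for p in parsed["partitions"]:
        lines.append(f"Partition {p['index']} type is {p['type_name']} (0x{p['type']:02x})")
        lines.append("Partition is ACTIVE." if p["active"] else "Partition is NOT ACTIVE.")
        lines.append(f"Partition starts at LBA: {p['start_lba']} Numsec = {p['num_sectors']}")
    lines.append(f"[MBR] {parsed['md5']}")
    return lines


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("\n".join(format_report(mbr)))
    # 250,000,000,000-byte disk from the log, 512-byte sectors.
    for lo, hi in unpartitioned_ranges(mbr["partitions"], 250_000_000_000 // 512):
        print(f"unpartitioned: {lo}-{hi}")
```

On a real drive the sector comes from `\\.\PhysicalDrive0` read with administrator rights; the hash is only meaningful when compared against a known-good MBR for that exact OS version, which is what RogueKiller does when it labels the [BSP] hash "Windows Vista MBR Code".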
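The RogueKiller "Driver" section above reports five dispatch-table entries as HOOKED by "Unknown". That label is the result of a simple check: the live table pointer is compared with the kernel's exported address, and the pointer is then looked up in the loaded-module list; "Unknown" means no module image claims the address. The following is an added example, not RogueKiller's code, that performs that attribution over the five entries from the report. The module map (base addresses and sizes), the clean entries, their indices and the `examplefilter.sys` driver are constructed assumptions; real values come from the loaded-module list and from reading the table in kernel mode.

```python
"""Attribute system-service dispatch-table entries to loaded kernel modules,
which is how an anti-rootkit tool decides that an entry is HOOKED and by whom.

Added example, not code from RogueKiller; the module map, the clean entries
and the 'examplefilter.sys' driver are constructed."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class SsdtEntry:
    table: str                       # "SSDT" (ntoskrnl services) or "S_SSDT" (win32k shadow table)
    index: int
    name: str
    current: int                     # pointer found in the live dispatch table
    expected: Optional[int] = None   # the kernel export address, when resolved


# Which image legitimately owns each table's entries.
TABLE_OWNER = {"SSDT": "ntkrnlpa.exe", "S_SSDT": "win32k.sys"}

# Constructed module map for a 32-bit Vista kernel; bases and sizes are
# assumptions chosen so that the ntkrnlpa addresses in the log fall inside it.
MODULES = [
    Module("ntkrnlpa.exe", 0x82C00000, 0x00400000),
    Module("win32k.sys", 0x96C00000, 0x00200000),
    Module("examplefilter.sys", 0x8A000000, 0x00010000),  # hypothetical driver
]

# The three SSDT and two shadow-SSDT lines from the RogueKiller report, plus
# constructed clean entries (indices invented) and one constructed hook that
# lands inside the hypothetical filter driver.
ENTRIES = [
    SsdtEntry("SSDT", 75, "NtCreateSection", 0x8979C9A6, 0x82E32D75),
    SsdtEntry("SSDT", 289, "NtSetContextThread", 0x8979C9AB, 0x82E9403F),
    SsdtEntry("SSDT", 334, "NtTerminateProcess", 0x8979C947, 0x82DF20D3),
    SsdtEntry("S_SSDT", 573, "NtUserSetWindowsHookEx", 0x8979C9B0),
    SsdtEntry("S_SSDT", 576, "NtUserSetWinEventHook", 0x8979C9B5),
    SsdtEntry("SSDT", 48, "NtClose", 0x82E1A2C0, 0x82E1A2C0),         # constructed, clean
    SsdtEntry("S_SSDT", 300, "NtUserGetDC", 0x96C12340),              # constructed, clean
    SsdtEntry("SSDT", 190, "NtOpenProcess", 0x8A001230, 0x82E4B000),  # constructed hook
]


def owner_of(addr: int, modules: list[Module]) -> str:
    """Name of the loaded module whose image covers addr, else 'Unknown'."""
    for m in modules:
        if m.contains(addr):
            return m.name
    return "Unknown"


def check_entry(entry: SsdtEntry, modules: list[Module], table_owner=TABLE_OWNER) -> dict:
    """An entry is hooked if it no longer points at the resolved export or,
    when no export address is known (shadow table), if it points outside the
    image that owns the table."""
    owner = owner_of(entry.current, modules)
    if entry.expected is not None:
        hooked = entry.current != entry.expected
    else:
        hooked = owner != table_owner[entry.table]
    return {"entry": entry, "hooked": hooked, "owner": owner}


def check_table(entries, modules, table_owner=TABLE_OWNER) -> list[dict]:
    return [check_entry(e, modules, table_owner) for e in entries]


def format_line(result: dict) -> str:
    """Same layout as the RogueKiller 'Driver' section."""
    e = result["entry"]
    at = f" @ 0x{e.expected:08X}" if e.expected is not None else ""
    if result["hooked"]:
        state = f"HOOKED ({result['owner']} @ 0x{e.current:08X})"
    else:
        state = "OK"
    return f"{e.table}[{e.index}] : {e.name}{at} -> {state}"


if __name__ == "__main__":
    for r in check_table(ENTRIES, MODULES):
        print(format_line(r))
```

A hook whose target resolves to a named driver can be judged by that driver's reputation; "Unknown" only says the address lies in memory no image claims. Rootkit trampolines look like that, but so do stubs that some security drivers allocate at runtime, so the next step is to identify the owner of that memory rather than to delete anything.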
-
Good :)
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
FBI After You!
Hi Broni: Ran the 3 programs as instructed, and I am posting the logs:
1) AdwCleaner
# AdwCleaner v2.200 - Logfile created 04/16/2013 at 17:24:58
# Updated 02/04/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : graceport - MECHE
# Boot Mode : Normal
# Running from : C:\Users\graceport\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Program Files\Crawler
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\graceport\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\graceport\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\graceport\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\graceport\AppData\LocalLow\ShopperReports3
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\FocusInteractive
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CToolbar_UNINSTALL
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Client
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Script
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server2
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19401
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (en-US)
File : C:\Users\graceport\AppData\Roaming\Mozilla\Firefox\Profiles\pjs1p8qe.default-1359734957495\prefs.js
C:\Users\graceport\AppData\Roaming\Mozilla\Firefox\Profiles\pjs1p8qe.default-1359734957495\user.js ... Deleted !
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [6103 octets] - [16/04/2013 17:24:09]
AdwCleaner[S1].txt - [5974 octets] - [16/04/2013 17:24:58]
########## EOF - C:\AdwCleaner[S1].txt - [6034 octets] ##########
2) JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows Vista (TM) Home Basic x86
Ran by graceport on Tue 04/16/2013 at 19:03:57.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\graceport\AppData\Roaming\mozilla\firefox\profiles\pjs1p8qe.default-1359734957495\minidumps [32 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/16/2013 at 20:46:12.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I will post OTL in the next reply.
Thanks!
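Both logs in this post touch the Internet Explorer SearchScopes keys: AdwCleaner deleted two HKCU scopes and JRT repaired the DisplayName and URL of the Bing scope {0633ee93-...} and deleted the {443789b7-...} scope in both hives. Search-provider hijacks are easy to audit once the scopes are dumped, and the following is an added example (not part of this thread or of any of the tools above) that does so over lines in the `IE - HKLM\..\SearchScopes\{GUID}: "URL" = ...` layout OTL prints. The input is constructed: the two HKLM scopes reuse the Bing and Google GUIDs seen on this machine, while the HKCU scope, its GUID and the `example-toolbar.test` host are invented to show a hijack, and the allow-list of search hosts is an assumption rather than a setting of any tool.

```python
"""Audit Internet Explorer SearchScopes for hijacked search providers.

Added example; the input is constructed in the line layout OTL uses and the
allow-list of search hosts is an assumption, not a setting of any tool."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Assumption: hosts a user on this machine is expected to search through.
ALLOWED_HOSTS = ("bing.com", "google.com", "search.aol.com")

# One scope line ("\{GUID}: "URL" = ...") or one DefaultScope line per match.
SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+)\\\.\.\\SearchScopes'
    r'(?:\\(?P<guid>\{[0-9A-Fa-f-]{36}\}): "URL" = (?P<url>\S+)'
    r'|,DefaultScope =\s*(?P<default>\S*))$'
)

# Constructed sample: HKLM scopes use the Bing and Google GUIDs from the logs;
# the HKCU scope, its GUID and host are invented to model a toolbar hijack.
SAMPLE_LINES = r"""
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {11111111-2222-3333-4444-555555555555}
IE - HKCU\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://search.example-toolbar.test/?q={searchTerms}
""".strip("\n").splitlines()


def host_allowed(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """True when the URL's host is an allow-listed domain or a subdomain of one.
    Suffix matching on '.' + domain stops 'bing.com.evil.test' from passing."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit_search_scopes(lines, allowed=ALLOWED_HOSTS) -> list[dict]:
    """Return findings: scopes pointing at untrusted hosts, and DefaultScope
    values that are empty, dangling, or selecting an untrusted scope."""
    scopes: dict[tuple[str, str], str] = {}
    defaults: dict[str, str] = {}
    for line in lines:
        m = SCOPE_RE.match(line.rstrip())
        if not m:
            continue
        if m["guid"]:
            scopes[(m["hive"], m["guid"].upper())] = m["url"]
        else:
            defaults[m["hive"]] = m["default"].upper()

    findings: list[dict] = []
    untrusted: set[str] = set()
    for (hive, guid), url in scopes.items():
        if not host_allowed(url, allowed):
            untrusted.add(guid)
            host = (urlsplit(url).hostname or "").lower()
            findings.append({"kind": "untrusted_scope", "hive": hive, "guid": guid, "host": host})
    known = {guid for _, guid in scopes}
    for hive, guid in defaults.items():
        if not guid:
            findings.append({"kind": "empty_default", "hive": hive, "guid": "", "host": ""})
        elif guid in untrusted:
            findings.append({"kind": "hijacked_default", "hive": hive, "guid": guid, "host": ""})
        elif guid not in known:
            findings.append({"kind": "dangling_default", "hive": hive, "guid": guid, "host": ""})
    return findings


if __name__ == "__main__":
    for f in audit_search_scopes(SAMPLE_LINES):
        print(f"{f['kind']:18} {f['hive']} {f['guid']} {f['host']}".rstrip())
```

The same parser works on an `OTL.txt` saved from a real scan; the only adjustment a practitioner would make is to the allow-list, which should name the engines the machine's owner actually uses.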
-
FBI After You!
Broni: OTL.txt log:
OTL logfile created on: 4/17/2013 9:59:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\graceport\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 53.02% Memory free
4.22 Gb Paging File | 3.13 Gb Available in Paging File | 74.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 105.07 Gb Free Space | 47.16% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.28 Gb Free Space | 2.81% Space Free | Partition Type: NTFS
Computer Name: MECHE | User Name: graceport | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/04/16 17:22:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\graceport\Desktop\OTL.exe
PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/02/20 16:16:22 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/19 11:12:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/29 12:26:26 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/10/29 12:25:14 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/09/05 08:14:09 | 003,409,872 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 14:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/06/28 19:07:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/11/02 05:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/24 02:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/21 13:29:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013/03/21 13:29:01 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/03/21 13:27:32 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/03/21 13:27:17 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/08/20 21:37:40 | 000,018,784 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
========== Services (SafeList) ==========
SRV - [2013/04/16 17:18:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/08 13:16:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/19 11:12:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/29 12:26:26 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/10/29 12:25:14 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/05 08:14:09 | 003,409,872 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/22 10:32:12 | 000,625,816 | ---- | M] (Pandora.TV) [Disabled | Stopped] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/20 21:35:10 | 005,729,328 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/08/20 21:32:36 | 000,808,704 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/06/28 19:07:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/24 02:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ZDPSp60.sys -- (ZDPSp60)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/10/29 12:25:18 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/09/05 08:14:12 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/09/05 08:14:01 | 000,766,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012/09/05 08:13:58 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/09/05 08:11:16 | 000,126,112 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012/09/05 08:11:14 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt58.sys -- (vidsflt58)
DRV - [2012/09/05 08:11:11 | 000,170,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/09/05 08:11:07 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 14:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/08/04 09:35:34 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 09:35:34 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/06/28 19:07:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 19:07:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/12/11 12:54:52 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 19:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 18:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/04/30 18:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/04/09 09:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/09/26 23:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/08/02 02:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/10/27 23:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)
DRV - [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [1999/11/13 15:19:12 | 000,453,475 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C-itnt.sys -- (XIRLINK)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{E3287CC6-851B-4CD0-AFA5-25E0E021C4E2}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\..\SearchScopes\{B68057AF-CB65-49F3-A3D8-51F944F3214C}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2012/09/09 20:36:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/14 14:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 13:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/16 17:37:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/14 14:32:25 | 000,000,000 | ---D | M]
[2009/07/06 19:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\graceport\AppData\Roaming\mozilla\Extensions
[2013/03/08 13:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/08 20:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/08 13:16:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/10 09:09:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/10 09:09:20 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/03/08 13:16:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/08 13:16:02 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2011/09/16 17:34:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Cocoon BHO) - {9F6733BC-A2D6-4726-B2B4-9727C36F7859} - C:\Program Files\CocoonIE\CocoonIE.dll (Virtual World Computing)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Cocoon Toolbar) - {58435E33-B5C7-4871-9D03-1A5FEB408074} - C:\Program Files\CocoonIE\CocoonIE.dll (Virtual World Computing)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\..\Toolbar\WebBrowser: (Cocoon Toolbar) - {58435E33-B5C7-4871-9D03-1A5FEB408074} - C:\Program Files\CocoonIE\CocoonIE.dll (Virtual World Computing)
O3 - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn-cs02.jpmorganchase.co...etupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ADMINISTRATOR
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D21CFA8-7E48-4C7F-B930-B153D649DBEE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FDB07B3-BB1C-4A48-A2E6-85B376290FDA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Foto PER\Foto Petunia.jpg
O24 - Desktop BackupWallPaper: C:\Foto PER\Foto Petunia.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | -HS- | M] () - C:\AUTOEXEC.OLD -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/16 17:37:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/16 17:36:51 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/16 17:22:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\graceport\Desktop\OTL.exe
[2013/04/16 17:22:04 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\graceport\Desktop\JRT.exe
[2013/04/16 12:02:48 | 000,000,000 | ---D | C] -- C:\Users\graceport\Desktop\RK_Quarantine
[2013/04/16 11:43:48 | 000,000,000 | ---D | C] -- C:\MalwareAntiRootKit 2
[2013/04/16 11:27:34 | 000,000,000 | ---D | C] -- C:\Log s for Virtual Dr 4 16 2013
[2013/04/10 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\graceport\AppData\Local\temp(24)
[2013/04/10 11:31:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/05 12:13:45 | 000,000,000 | ---D | C] -- C:\Malwarebytes AntiRoot Kit
[2013/04/04 16:40:40 | 000,000,000 | ---D | C] -- C:\New Folder
[2013/04/04 16:26:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\graceport\Desktop\aswMBR.exe
[2013/04/04 16:19:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\graceport\Desktop\dds.scr
[2013/03/31 14:32:16 | 000,000,000 | ---D | C] -- C:\Info for Virtual Dr
[2013/03/27 17:50:24 | 000,000,000 | ---D | C] -- C:\FRST
[2013/03/22 19:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/21 13:06:11 | 000,000,000 | ---D | C] -- C:\GE Remote Control RC 24977
[2013/03/19 12:32:29 | 000,000,000 | ---D | C] -- C:\ADOBE READER 11
[2013/03/18 12:15:40 | 000,000,000 | ---D | C] -- C:\Alfredo Sadel Romanticas MP3
[2013/03/18 11:29:06 | 000,000,000 | R--D | C] -- C:\Alfredo Sadel Romanticas
========== Files - Modified Within 30 Days ==========
[2013/04/17 09:47:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/17 09:47:52 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/04/17 09:47:50 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 09:47:49 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 09:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/17 09:47:39 | 2134,073,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/16 20:37:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/16 20:23:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 17:22:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\graceport\Desktop\OTL.exe
[2013/04/16 17:22:08 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\graceport\Desktop\JRT.exe
[2013/04/16 17:21:39 | 000,613,083 | ---- | M] () -- C:\Users\graceport\Desktop\adwcleaner.exe
[2013/04/16 11:19:09 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/16 11:19:09 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/16 11:11:12 | 000,453,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/14 12:20:57 | 000,025,088 | ---- | M] () -- C:\Users\graceport\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/09 10:21:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/04/08 20:48:30 | 000,002,609 | ---- | M] () -- C:\Users\graceport\Desktop\Word.lnk
[2013/04/07 09:47:15 | 000,000,104 | ---- | M] () -- C:\Users\graceport\Computer - Shortcut.lnk
[2013/04/05 12:12:19 | 000,816,128 | ---- | M] () -- C:\Users\graceport\Desktop\RogueKiller.exe
[2013/04/04 16:29:06 | 000,000,512 | ---- | M] () -- C:\Users\graceport\Documents\MBR.dat
[2013/04/04 16:26:38 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\graceport\Desktop\aswMBR.exe
[2013/04/04 16:19:51 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\graceport\Desktop\dds.scr
[2013/03/27 17:43:28 | 000,000,000 | ---- | M] () -- C:\Users\graceport\AppData\Roaming\skype.ini
[2013/03/26 11:47:07 | 000,002,609 | ---- | M] () -- C:\Users\graceport\Desktop\Microsoft Office Word 2003.lnk
[2013/03/22 19:26:29 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
========== Files Created - No Company Name ==========
[2013/04/16 17:21:33 | 000,613,083 | ---- | C] () -- C:\Users\graceport\Desktop\adwcleaner.exe
[2013/04/13 20:10:26 | 2134,073,344 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/07 09:47:15 | 000,000,104 | ---- | C] () -- C:\Users\graceport\Computer - Shortcut.lnk
[2013/04/05 12:12:17 | 000,816,128 | ---- | C] () -- C:\Users\graceport\Desktop\RogueKiller.exe
[2013/03/26 12:00:12 | 000,000,000 | ---- | C] () -- C:\Users\graceport\AppData\Roaming\skype.ini
[2013/03/22 19:26:29 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/19 12:36:10 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/14 14:21:49 | 000,207,143 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012/11/11 10:27:45 | 000,000,680 | ---- | C] () -- C:\Users\graceport\AppData\Local\d3d9caps.dat
[2012/02/28 12:00:49 | 000,004,096 | -H-- | C] () -- C:\Users\graceport\AppData\Local\keyfile3.drm
[2011/09/09 19:26:24 | 000,272,863 | ---- | C] () -- C:\Users\graceport\AppData\Local\census.cache
[2011/09/09 19:25:58 | 000,224,849 | ---- | C] () -- C:\Users\graceport\AppData\Local\ars.cache
[2011/09/09 19:14:20 | 000,000,036 | ---- | C] () -- C:\Users\graceport\AppData\Local\housecall.guid.cache
[2011/09/05 10:13:36 | 000,011,567 | ---- | C] () -- C:\Windows\HL-1440.INI
[2011/08/12 11:28:14 | 001,115,445 | ---- | C] () -- C:\Users\graceport\WPN824V2-V2.0.26_1.2.17NA.chk
[2011/05/14 09:50:28 | 000,000,876 | ---- | C] () -- C:\Users\graceport\.recently-used.xbel
[2011/05/07 19:57:48 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/05/07 19:57:37 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/05/07 19:57:36 | 000,000,290 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/05/07 19:57:36 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2011/05/07 19:57:33 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2011/05/07 19:56:24 | 000,000,054 | ---- | C] () -- C:\Windows\System32\bd5240.dat
[2011/05/07 19:55:57 | 000,000,316 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/03/07 20:47:02 | 000,025,088 | ---- | C] () -- C:\Users\graceport\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/28 13:23:29 | 000,000,691 | ---- | C] () -- C:\Users\graceport\AppData\Roaming\GetValue.vbs
[2010/02/28 13:23:29 | 000,000,035 | ---- | C] () -- C:\Users\graceport\AppData\Roaming\SetValue.bat
[2008/03/16 11:44:41 | 000,025,938 | ---- | C] () -- C:\Users\graceport\AppData\Roaming\UserTile.png
[2008/03/13 17:41:02 | 000,000,000 | ---- | C] () -- C:\Users\graceport\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/09/05 08:44:24 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Acronis
[2010/12/14 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Avery
[2009/06/17 13:43:23 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\BRS
[2008/07/31 12:53:48 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Business Logic
[2010/12/14 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Canon
[2012/09/09 20:39:02 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Catalina Marketing Corp
[2013/03/18 11:34:53 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\ConverterLite
[2011/10/16 20:47:53 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Foxit Software
[2011/05/27 13:56:10 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\GlarySoft
[2012/09/09 08:58:02 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\gtk-2.0
[2012/09/09 20:39:02 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Image Zone Express
[2012/09/09 20:39:02 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Juniper Networks
[2011/02/27 18:16:57 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Leadertech
[2008/03/16 11:44:41 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\PeerNetworking
[2012/09/09 20:39:08 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Printer Info Cache
[2010/03/21 13:38:10 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Skinux
[2011/04/28 08:35:22 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Template
[2012/09/09 20:39:10 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\Ulead Systems
[2012/09/09 20:39:10 | 000,000,000 | ---D | M] -- C:\Users\graceport\AppData\Roaming\WholeSecurity
========== Purity Check ==========
< End of report >
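A quick way to machine-triage an OTL log of this shape, added here as an example (it is not part of this post and not OTL's own code): the script below parses the DRV, O1, O2, O3, O16, O18, O20 and Vista firewall-rule lines and pulls out what an analyst checks first in a log like the one above, namely loaded binaries whose publisher field is empty `()`, ActiveX (DPF) downloads over plain http, hosts-file entries other than localhost, and inbound firewall rules that open a local port. The sample input is a handful of lines copied from the log above plus one constructed hosts line labelled as such; the regexes assume OTL's line layout on an x86 install (paths without parentheses, entries ending in a `(Publisher)` field).

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example, not part of the original post and not code from OTL or its
author.  It recognises the line shapes seen in the posted log and reports
the items an analyst looks at first.
"""
import re

# Lines copied from the posted OTL log (a subset), nothing invented.
SAMPLE_LOG = r"""
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
"{5483E229-E799-409C-A711-7C5A930D9378}" = lport=139 | protocol=6 | dir=in | app=system |
"{CE405745-DDC1-4758-A19D-E70DB24E6330}" = rport=445 | protocol=6 | dir=out | app=system |
"{EDE93153-6487-4537-AAED-833C17306203}" = lport=445 | protocol=6 | dir=in | app=system |
"""

# Constructed line (NOT from the log) so the hosts check has something to flag.
CONSTRUCTED_HOSTS_LINE = "O1 - Hosts: 127.0.0.1 update.example.com"

# DRV - [timestamp | size | attrs | M] (Publisher) [Type | Start | State] -- path -- (ServiceName)
DRV_RE = re.compile(
    r"^DRV - \[[^\]]*\] \((?P<pub>[^()]*)\) \[[^\]]*\] -- (?P<path>.*?) -- \((?P<name>.*)\)$")
# Trailing "<drive path> (Publisher)" of an O2/O3/O18/O20 entry; assumes no parentheses in the path.
PATH_PUB_RE = re.compile(r"(?P<path>[A-Za-z]:\\[^()]*?)\s*\((?P<pub>[^()]*)\)\s*$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) (?P<url>\S+) \((?P<name>.*)\)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
FW_RE = re.compile(r'^"(?P<id>\{[^}]+\})" = (?P<body>.*)$')
LOADPOINT_SECTIONS = {"O2", "O3", "O18", "O20"}  # BHOs, toolbars, protocol handlers, Winlogon


def parse_firewall_rule(line):
    """Turn a Vista FirewallRules line into a dict of its key=value fields."""
    m = FW_RE.match(line)
    if not m:
        return None
    fields = {"id": m.group("id")}
    for kv in m.group("body").rstrip("| ").split(" | "):
        key, _, value = kv.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def triage(log_text):
    """Scan OTL lines and return the findings an analyst checks first."""
    findings = {"unsigned": [], "http_activex": [], "hosts_extra": [], "inbound": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if section == "DRV":
            m = DRV_RE.match(line)
            if m and not m.group("pub").strip():           # empty () publisher field
                findings["unsigned"].append(("DRV", m.group("path")))
        elif section in LOADPOINT_SECTIONS:
            m = PATH_PUB_RE.search(line)
            if m and not m.group("pub").strip():
                entry = (section, m.group("path"))
                if entry not in findings["unsigned"]:
                    findings["unsigned"].append(entry)
        elif section == "O16":
            m = DPF_RE.match(line)
            if m and m.group("url").lower().startswith("http://"):  # ActiveX fetched without TLS
                findings["http_activex"].append((m.group("clsid"), m.group("url")))
        elif section == "O1":
            m = HOSTS_RE.match(line)
            if m and m.group("host").lower() != "localhost":       # anything beyond the stock entry
                findings["hosts_extra"].append((m.group("ip"), m.group("host")))
        elif line.startswith('"{'):
            fields = parse_firewall_rule(line)
            if fields and fields.get("dir") == "in" and "lport" in fields:
                who = fields.get("app") or fields.get("svc", "?")
                findings["inbound"].append((fields["lport"], fields.get("protocol", "?"), who))
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print("   ", *item)
```

Run as-is it lists LVPr2Mon.sys and WOT.dll (three load points) as publisher-less, the ESET scanner .cab as an http ActiveX fetch, and the SMB/NetBIOS inbound rules for `system`; an empty publisher is a prompt to check the file's signature and hash, not proof of malware, which is exactly how the WOT entries should be read.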
-
FBI After You!
Hi Broni: OTL Extras log:
OTL Extras logfile created on: 4/17/2013 9:59:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\graceport\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 53.02% Memory free
4.22 Gb Paging File | 3.13 Gb Available in Paging File | 74.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 105.07 Gb Free Space | 47.16% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.28 Gb Free Space | 2.81% Space Free | Partition Type: NTFS
Computer Name: MECHE | User Name: graceport | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E140B-7C90-4BDE-8801-AC1E3CBF1FFE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{00512AD0-68F2-4693-A205-1C8B22DB3293}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{03CA586A-134A-4908-8707-86B9C39822B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{1211BAD2-DF82-408B-AEA3-E69AC2E88B50}" = lport=137 | protocol=17 | dir=in | app=system |
"{25BA38B1-EB26-4CB4-A3CB-3DF6C2088D07}" = lport=138 | protocol=17 | dir=in | app=system |
"{28C8AAF0-B74D-4800-BA69-ACB08D5AD2EA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2E5CFF8A-480C-498C-8B3E-E0773069A969}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{34F1BAC5-58F3-4A26-88EC-715E0D4282AE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3A5E7CDE-81F2-439C-BF94-B30C2EECC5D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5086DCB1-65CB-411A-950C-257F069E939B}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{5483E229-E799-409C-A711-7C5A930D9378}" = lport=139 | protocol=6 | dir=in | app=system |
"{7AFDF571-4C1D-484A-A184-BA5DD9807E16}" = rport=137 | protocol=17 | dir=out | app=system |
"{8DECF6AA-0A96-43CA-85E9-3B4E118DDE33}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B4BE80F-AF71-4B8B-8BA5-C7786CEB65FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{CE405745-DDC1-4758-A19D-E70DB24E6330}" = rport=445 | protocol=6 | dir=out | app=system |
"{E395FC6B-250A-4D10-A74E-173EE502F345}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EB02652C-77B6-4056-B92E-D855BF245A2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EBE11F2E-CA9C-437B-8AF5-ED41BD8A5303}" = rport=139 | protocol=6 | dir=out | app=system |
"{EDE93153-6487-4537-AAED-833C17306203}" = lport=445 | protocol=6 | dir=in | app=system |
"{F5192158-1CF4-4BD5-841B-E00A15FDE76A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FC302215-3282-4B81-965F-FDBA59421CC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A06AEC-E4B0-4AFA-9DC1-046C3CC193A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{12B8916E-F81C-4689-A271-7F12E018F3DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{1B21FB2E-5755-4573-878E-FB29CC2F13FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{2E772B91-4296-4ECD-B649-8FC117C54F38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{30D8A009-7086-469E-B325-2976B72DA9C1}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{360DA6A8-9854-4FC5-96A3-291814EA1FDD}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{40DFFEF0-91A7-4463-B008-199BA06849F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52C215C3-EF13-4341-9979-D425E1D406DE}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{53316434-BC82-4ED7-81EA-949CAC44DEFC}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{5B992513-4B4E-45B1-A529-ED2CB38E3935}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{65EB2B4C-53D2-4257-9A1C-5966C1613AB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{6DC0313F-823B-45B4-AC72-345B31DF4A2B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{72848937-E95E-48E0-AE98-5EE2D01519E7}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{734470B8-7102-4D6B-A406-D1A6B5003025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{75D89E05-C25F-43C0-847C-C1FCD231C509}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{81C1A021-0EA5-4484-8886-D1A50F9C24D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{86C4C07D-5745-4769-ACC6-B50FD6836BFB}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{969F4052-F04C-47DD-AF8B-5636F6564B17}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbmpswx.exe |
"{96CC4D20-FACA-4B3A-AD21-E7A488CB1223}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{97A43D5D-DF25-4361-BD02-C413E45D9651}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A0B5C0D4-527B-4AC6-8223-8A75C62D6273}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{A5AC9346-8FF9-4793-AE54-EE232D200F34}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{AB1BC320-68C1-48E1-9DE9-AA15DBF8236D}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{B1E8CC2E-893B-4B65-A748-857132B9597F}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{BA71AD30-DE12-47C8-A618-ACA481BD2201}" = dir=in | app=e:\setup\hpznui01.exe |
"{BCD5DC39-264B-4CF4-A1C1-B14C71915F0F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C0B686D4-B26B-4267-941A-3C24C0AA8FEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{C5E7FE43-E3F5-43AD-B9C7-78D3AEB323CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{CF2E4EF0-6C8B-4096-8482-C7D520777DF2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{D72C0916-01A9-4D5E-89D8-F2EB03CB13F4}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{E676A2D7-F727-4CCE-8DD7-122E0D197928}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F0A7E0B5-0A89-4456-8EF5-4675A89F151D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbmpswx.exe |
"{F5679E59-0EBA-4861-B693-6B5D8EA68276}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{F707083F-8C1C-414B-ACB1-10E8F17B314C}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{F7780F8A-24C5-4F6F-BBF9-7E9B7186E37E}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{F7C716D0-49D0-4FA9-B9C1-E24979DDD297}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{F8D1CDA6-B766-43EC-BB4B-9657F9C4EB79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{FA5BE785-3D1A-4A82-B32E-132B23191619}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"TCP Query User{270A2D28-8045-4738-AE3D-A63F7932292A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{510BF09C-E194-4452-8667-0624E5AC7FD0}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{74B4F522-C8D8-45F5-9511-1954F36F6725}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{AC587E4C-977C-406E-9A84-0C80081DC962}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EC4C7376-D367-4A07-9413-51762FA44410}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F71366C8-FC8E-426A-9324-F5F45AC8132A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{0892E590-BBAC-413F-8E22-88338D5CDBD8}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{3C89A077-46DF-4B38-AD0E-94E71A889A63}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9E55CF23-4EC6-416B-BCD0-06924DFFDB98}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9FD1424E-EEB9-4D0A-AA9B-2C6BD7EB1C52}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A6EBCADC-D94F-455D-BCEC-741F5C4E4A02}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{B7B944CF-11F2-4C37-9F33-E2D624C9E950}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 27
"{27DC5BF6-A0AA-44AF-B9E5-B71297A891BE}" = Cocoon for Internet Explorer
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2BFDA78F-39F7-4537-9995-71424CFA88BB}" = LogMeIn
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47A0C382-35D7-4A3A-B9AF-B2D38827A8A7}" = Acronis True Image Home 2012
"{47A0C382-35D7-4A3A-B9AF-B2D38827A8A7}Visible" = Acronis True Image Home 2012
"{49579E4A-900F-4E7C-8A21-53380CE5B2D5}" = Brother HL-1440
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7DEF17DA-2FBD-457F-8550-68A116B7ACD9}" = WOT for Internet Explorer
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) MUI
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B0ED412D-C012-46B4-97E0-62D4C855BE43}" = DVD PhotoPlay
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8F19DA6-0BCD-48FC-9998-C6ACEAEEDEFE}" = Photo Explosion Deluxe
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CCB4FDED-BFE4-4257-9EBC-E9D63780C9D4}" = Brother HL-5240
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CDAFD956-97BE-443D-8EF7-F4F094EB5766}_is1" = Crawler 3D Aquarium Screensaver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC1BD9F4-99A5-4969-B851-23FEA1CA2EC0}" = PlanWrite - Business Plan Writer Deluxe 2003
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F012B439-D7B3-41D6-9902-8650E2191F4A}" = E210
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian_PicturePerfect" = Applian PicturePerfect
"Aquatica3" = Aquatica 3
"Athena" = WebCam for MSN Messenger
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"ConverterLite" = ConverterLite 1.6.3
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Ink Monitor" = Ink Monitor
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RealPlayer 6.0" = RealPlayer Basic
"Shop for HP Supplies" = Shop for HP Supplies
"Skype™ for Pocket PC_is1" = Skype™ for Pocket PC 2.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 0.9.9
"Windows Live Toolbar" = Windows Live Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3605116457-2784117146-3966978637-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Confidence Online EE" = Confidence Online(tm) for Web Applications
"f031ef6ac137efc5" = Dell Driver Download Manager
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 4/17/2013 9:47:46 AM | Computer Name = MECHE.ADMINISTRATOR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001D098CC214 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 4/17/2013 9:48:02 AM | Computer Name = MECHE.ADMINISTRATOR | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{7FDB07B3-BB1C-4A48-A2E6-85B376290FDA}
because another computer on the network has the same name. The server could not
start.
Error - 4/17/2013 9:48:18 AM | Computer Name = MECHE.ADMINISTRATOR | Source = LSM | ID = 1048
Description =
Error - 4/17/2013 9:49:10 AM | Computer Name = MECHE.ADMINISTRATOR | Source = Service Control Manager | ID = 7024
Description =
< End of report
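Added example, not part of the posted log or of the OTL/FRST tools: a small Python parser for the firewall-rule lines in the dump above. It splits each `"rule id" = k=v | k=v |` line into fields and flags the inbound allows a helper would look at first: binaries outside the Windows and Program Files trees (the `e:\setup\hpznui01.exe` rule points at removable media), inbound NetBIOS/SMB/UPnP ports, and rules with no application, service or port constraint at all. The trusted-directory list, the LAN port set and the sample subset of lines are assumptions constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed subset of the OTL firewall-rule lines posted above, used as sample input.
SAMPLE_RULES = r'''
"{5483E229-E799-409C-A711-7C5A930D9378}" = lport=139 | protocol=6 | dir=in | app=system |
"{EDE93153-6487-4537-AAED-833C17306203}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB02652C-77B6-4056-B92E-D855BF245A2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BA71AD30-DE12-47C8-A618-ACA481BD2201}" = dir=in | app=e:\setup\hpznui01.exe |
"{360DA6A8-9854-4FC5-96A3-291814EA1FDD}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"TCP Query User{AC587E4C-977C-406E-9A84-0C80081DC962}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{F707083F-8C1C-414B-ACB1-10E8F17B314C}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
'''

# Where an inbound allow on a stock Vista box normally points; anything else
# (removable media, Downloads, %TEMP%) deserves a second look. Assumed list.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "%systemroot%\\")
BUILTIN_APPS = {"system", "svchost.exe"}
# RPC/NetBIOS/SMB/UPnP: an inbound allow here is reachable from the whole LAN segment.
LAN_PORTS = {"135", "137", "138", "139", "445", "1900", "2869"}

LINE_RE = re.compile(r'^"(?P<id>[^"]+)"\s*=\s*(?P<body>.*)$')


def parse_rules(text: str) -> List[Dict[str, str]]:
    """Turn OTL '"id" = k=v | k=v |' lines into dicts with lower-cased keys and values."""
    rules: List[Dict[str, str]] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rule = {"id": m.group("id")}
        for field in m.group("body").split("|"):
            if "=" in field:
                key, value = field.split("=", 1)
                rule[key.strip().lower()] = value.strip().lower()
        rules.append(rule)
    return rules


def flag_rules(rules: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (rule id, reason) for every inbound rule worth a reviewer's attention."""
    findings: List[Tuple[str, str]] = []
    for r in rules:
        if r.get("dir") != "in":
            continue  # outbound allows are not the exposure this triage is about
        app, port = r.get("app"), r.get("lport")
        if app and app not in BUILTIN_APPS and not app.startswith(TRUSTED_PREFIXES):
            findings.append((r["id"], f"inbound allow for binary outside trusted dirs: {app}"))
        elif port in LAN_PORTS:
            findings.append((r["id"], f"inbound LAN service port {port} open for {app or r.get('svc')}"))
        elif not any(r.get(k) for k in ("app", "svc", "lport")):
            findings.append((r["id"], "inbound rule with no app, service or port constraint"))
    return findings


if __name__ == "__main__":
    for rule_id, reason in flag_rules(parse_rules(SAMPLE_RULES)):
        print(f"{rule_id}: {reason}")
```

On the sample this reports the removable-media rule plus the three NetBIOS/SMB/SSDP allows; the Pandora and Internet Explorer rules live under Program Files and pass the path check, which is exactly why a path check alone is a first pass and not a verdict.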
-
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ZDPSp60.sys -- (ZDPSp60)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
IE - HKU\S-1-5-21-3605116457-2784117146-3966978637-1000\..\SearchScopes\{B68057AF-CB65-49F3-A3D8-51F944F3214C}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
FF - user.js - File not found
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.
Last scans...
Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If ESET doesn't find any threats, it won't produce a log.
-
FBI After You!
Hi Broni: It looks like we are headed in the right direction. Thanks again. I will try to send all the logs in one reply; if not, I will send several.
Here are the Logs:
1) OTL
All processes killed
========== OTL ==========
Service ZDPSp60 stopped successfully!
Service ZDPSp60 deleted successfully!
File System32\Drivers\ZDPSp60.sys not found.
Service wanatw stopped successfully!
Service wanatw deleted successfully!
File system32\DRIVERS\wanatw4.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
Registry key HKEY_USERS\S-1-5-21-3605116457-2784117146-3966978637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B68057AF-CB65-49F3-A3D8-51F944F3214C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B68057AF-CB65-49F3-A3D8-51F944F3214C}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: graceport
->Temp folder emptied: 23099435 bytes
->Temporary Internet Files folder emptied: 139038239 bytes
->Java cache emptied: 1005564 bytes
->FireFox cache emptied: 355303669 bytes
->Flash cache emptied: 24560 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1283608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 496.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: graceport
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: graceport
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04182013_193630
Files\Folders moved on Reboot...
C:\Users\graceport\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3EVRZ11L\showthread[2].htm moved successfully.
C:\Users\graceport\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\graceport\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000050945723A654C61841 not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
2) Security Check
Results of screen317's Security Check version 0.99.62
Windows Vista Service Pack 2 x86
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java(TM) 6 Update 27
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 8
Adobe Reader XI
Mozilla Firefox 18.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
3) Farbar Service Scanner
Farbar Service Scanner Version: 14-04-2013
Ran by graceport (administrator) on 18-04-2013 at 19:55:35
Running from "C:\Users\graceport\Desktop"
Windows Vista (TM) Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-03-21 12:51] - [2013-01-04 07:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
4) Temp File Cleaner
Cleaned up. No Log
5) Eset Online Scanner
C:\FRST\Quarantine\skype.dat a variant of Win32/Kryptik.AXPR trojan cleaned by deleting - quarantined
C:\Users\graceport\Downloads\mx.850setup.exe-[serial]_downloader.exe Win32/Adware.MediaFinder application cleaned by deleting - quarantined
C:\Users\graceport\Downloads\mx.850setup.exe.dvd_downloader.exe Win32/Adware.MediaFinder application cleaned by deleting - quarantined
C:\Users\graceport\Downloads\mx.850setup.exe_downloader(1).exe Win32/Adware.MediaFinder application cleaned by deleting - quarantined
C:\Users\graceport\Downloads\mx.850setup.exe_downloader.exe Win32/Adware.MediaFinder application cleaned by deleting - quarantined
Thanks Again!
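Added example, not part of the posted logs or of the FSS/ESET tools: a Python helper that reads the two sections of the reply above that need interpretation rather than a glance. FSS prints "MD5 is legit" only for files whose hash is in its whitelist; tcpip.sys above shows its metadata and MD5 instead, which means the tool could not vouch for that build (the file date is newer than the whitelist), not that it is bad, so the hash is extracted for an independent lookup. The ESET list is split by where each hit lived: inside a cleaning tool's quarantine folder (already neutralized, here `C:\FRST\Quarantine`), in a Downloads folder (a stale installer), or somewhere live. The quarantine-folder list, the token-based line splitting and the sample excerpts are assumptions constructed for this example; the ESET parser assumes paths without spaces.

```python
import re
from typing import Dict, List

# Constructed excerpt of the FSS "File Check" section posted above.
FSS_SAMPLE = r'''
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-03-21 12:51] - [2013-01-04 07:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
'''

# Constructed excerpt of the ESET Online Scanner results posted above.
ESET_SAMPLE = r'''
C:\FRST\Quarantine\skype.dat a variant of Win32/Kryptik.AXPR trojan cleaned by deleting - quarantined
C:\Users\graceport\Downloads\mx.850setup.exe-[serial]_downloader.exe Win32/Adware.MediaFinder application cleaned by deleting - quarantined
C:\Users\graceport\Downloads\mx.850setup.exe_downloader.exe Win32/Adware.MediaFinder application cleaned by deleting - quarantined
'''

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# FSS detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) \S+ "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def unverified_system_files(text: str) -> Dict[str, list]:
    """Split FSS File Check output into whitelisted files and files FSS could not vouch for."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    verified: List[str] = []
    unverified: List[Dict[str, str]] = []
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.endswith("=> MD5 is legit"):
            verified.append(line.split(" =>")[0])
        elif PATH_RE.match(line):
            entry = {"path": line}
            if i + 1 < len(lines):
                m = DETAIL_RE.match(lines[i + 1])
                if m:  # detail line belongs to this path; consume it
                    entry.update(m.groupdict())
                    i += 1
            unverified.append(entry)
        i += 1
    return {"verified": verified, "unverified": unverified}


# Folders where cleaning tools park what they already removed; a hit here is a
# leftover, not an active infection. Assumed list of common tool paths.
QUARANTINE_PREFIXES = (
    "c:\\frst\\quarantine\\", "c:\\_otl\\", "c:\\qoobox\\quarantine\\", "c:\\adwcleaner\\quarantine\\",
)
ACTION_WORDS = ("cleaned", "deleted", "quarantined", "error")


def classify_eset_hits(text: str) -> List[Dict[str, str]]:
    """Parse 'path detection action' lines and record where each hit actually lived.

    The detection is assumed to start at the first token after the path that is
    'a'/'probably' (as in 'a variant of Win32/...') or contains a '/'.
    """
    hits: List[Dict[str, str]] = []
    for raw in text.splitlines():
        tokens = raw.strip().split()
        if not tokens or not PATH_RE.match(tokens[0]):
            continue
        start = next((i for i, t in enumerate(tokens)
                      if i > 0 and (t in ("a", "probably") or "/" in t)), None)
        if start is None:
            continue
        end = next((i for i, t in enumerate(tokens) if i > start and t in ACTION_WORDS), len(tokens))
        path = " ".join(tokens[:start])
        low = path.lower()
        if low.startswith(QUARANTINE_PREFIXES):
            where = "tool_quarantine"
        elif "\\downloads\\" in low or "\\temp\\" in low:
            where = "user_download"
        else:
            where = "live_location"
        hits.append({"path": path, "detection": " ".join(tokens[start:end]),
                     "action": " ".join(tokens[end:]), "location": where})
    return hits


if __name__ == "__main__":
    for entry in unverified_system_files(FSS_SAMPLE)["unverified"]:
        print("check hash elsewhere:", entry["path"], entry.get("md5"))
    for hit in classify_eset_hits(ESET_SAMPLE):
        print(hit["location"], hit["path"], hit["detection"])
```

On the sample the only unverified file is tcpip.sys with its MD5 ready for lookup, the Kryptik hit is classified as tool quarantine and the two MediaFinder hits as user downloads, which matches the helper's later "your computer is clean" verdict.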
-
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check "Yes, install McAfee Security Scan Plus".
NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.
1. Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
2. Now we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it.
- Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Do NOT post JavaRa log.
================================
Your computer is clean
1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all the tools we used during our cleaning process.
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!
5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. (Windows XP only) Run defrag at your convenience.
12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
13. Read:
How did I get infected? With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
14. Please, let me know, how your computer is doing.
-
Thank you Broni: As soon as I complete the latest recommendations, I will let you know. :)