Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Redirecting websites/slow loading [Solved]


  • This topic is locked This topic is locked

#1
guardedbyhim

guardedbyhim

    New Member

  • Member
  • Pip
  • 3 posts
My brother-in-law just sold me this computer for $150.00. He said it came as-is. I think it's slow loading but maybe that's me. Microsoft Security Essentials had a ASX/WIMAD.CN sucessful clean. I do have maybe ten website re-directs a day (I've had it under a week), so I know it still has something. I don't have reboot cd's for it or I would simply reboot. This was an older work-station I guess Jason got from his work so it has had some upgrades, most notably a better graphics card. I don't know anything about specs and such and I'm not a techy person. I just needed a computer for college and he had one cheap. I took a screenshot of the windows information. Hopefully it helps. Posted Image. Thanks!!! :help:

OOPS... A bigger picture of the specs can be found here (click on image to enlarge):
http://igaveuthatnam...blog-post.html

It says its a dell, windows 7 pro, but it has had different parts added. Again, thanks!


OTL logfile created on: 7/19/2012 9:03:58 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.60% Memory free
6.49 Gb Paging File | 4.94 Gb Available in Paging File | 76.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 112.17 Gb Free Space | 48.19% Space Free | Partition Type: NTFS
Drive P: | 1863.01 Gb Total Space | 577.10 Gb Free Space | 30.98% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 21:03:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL (1).exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 03:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 03:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/01 11:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 11:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/30 10:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/27 10:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/19 16:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2010/03/29 21:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/13 20:14:24 | 001,401,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2008/10/29 00:08:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2008/10/29 00:07:58 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2008/10/29 00:07:56 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/10/29 00:07:20 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
PRC - [2004/08/09 15:15:42 | 000,278,528 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
PRC - [2002/02/14 18:13:22 | 000,323,584 | ---- | M] () -- C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/16 08:55:24 | 000,766,464 | ---- | M] () -- C:\Users\User\AppData\Local\Macrovision\ahjyjhxn.dll
MOD - [2012/07/09 23:09:00 | 000,438,296 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/09 23:08:59 | 003,972,120 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/09 23:07:39 | 000,554,520 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/09 23:07:37 | 000,117,784 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/09 23:07:22 | 000,140,328 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/09 23:07:21 | 000,262,184 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/09 23:07:19 | 002,386,984 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 21:17:27 | 009,255,112 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/15 15:47:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/10/15 15:47:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/15 15:46:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/15 15:46:50 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/15 15:46:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 15:46:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/15 15:46:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/15 15:46:34 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/15 15:46:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/15 15:46:30 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/06/01 11:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 11:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 11:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 11:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2010/08/27 10:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/07/08 12:24:42 | 000,258,048 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2010/03/24 22:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2003/06/02 18:26:24 | 000,065,536 | ---- | M] () -- P:\lotus\org6\organize\iehelper.dll
MOD - [2002/02/14 18:13:22 | 000,323,584 | ---- | M] () -- C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/07/12 10:50:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 17:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/15 23:42:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/15 11:42:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/19 16:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/10/29 00:08:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/10/29 00:07:56 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/10/29 00:07:20 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/10/02 19:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WG111Tv.sys -- (WG111T)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DNINDIS4.SYS -- (DNINDIS4)
DRV - [2012/05/30 20:23:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/06/15 03:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/15 23:58:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/02/03 12:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 09:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2009/08/12 17:37:00 | 000,376,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/04/28 11:08:40 | 000,461,824 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2008/10/29 00:08:58 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2008/10/29 00:08:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008/10/29 00:08:56 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008/10/29 00:08:54 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2008/10/29 00:08:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2008/10/28 18:03:28 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008/10/28 18:03:28 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008/10/02 19:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/25 07:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/03/17 11:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2007/01/19 19:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2006/11/20 16:48:46 | 000,182,784 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006/11/20 16:48:46 | 000,182,784 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
DRV - [2006/11/16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006/11/16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-169699064-3455557488-2058789409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-169699064-3455557488-2058789409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comca...insDate06072012
IE - HKU\S-1-5-21-169699064-3455557488-2058789409-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-169699064-3455557488-2058789409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-169699064-3455557488-2058789409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://xfinity.comca...nsDate06072012"
FF - prefs.js..keyword.URL: "http://search.mywebs...2c8&searchfor="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/03 00:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/02 18:30:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/07 20:48:10 | 000,000,000 | ---D | M]

[2012/01/12 01:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/07/03 15:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7waduyd7.default\extensions
[2012/07/03 15:17:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7waduyd7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/30 10:15:12 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7waduyd7.default\extensions\[email protected]
[2012/05/30 10:15:13 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7waduyd7.default\extensions\[email protected]
[2012/07/02 18:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/03 15:17:49 | 000,339,843 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WADUYD7.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/02/08 23:41:49 | 000,061,700 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WADUYD7.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
[2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/27 13:24:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/05 20:02:08 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: FVD Video Downloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\1.2.6_0\

O1 HOSTS File: ([2011/02/16 17:05:02 | 000,001,211 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - P:\lotus\org6\organize\iehelper.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Alive Text to Speech) - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\Program Files\AliveMedia\Text to Speech\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WD Spindown Utility] C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [Macrovision] C:\Users\User\AppData\Local\Macrovision\ahjyjhxn.dll ()
O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [Sticky-Notes] C:\Program Files\Sticky-Notes\stickynotes.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - P:\lotus\org6\organize\bandobjs.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33C26FDF-AB7E-4C86-A233-023630F54423}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35BA3F09-697E-4C87-8E60-605D2A2CCA46}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A889B1F-31AC-45FD-B2E2-0918DD5E18B2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF5A3744-9269-41CB-A6E3-2AF037D4FAB8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{86ccef12-5a48-11e1-b9eb-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{86ccef12-5a48-11e1-b9eb-005056c00008}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O33 - MountPoints2\{d47998f5-05d6-11e1-b9fb-001d0984971a}\Shell - "" = AutoRun
O33 - MountPoints2\{d47998f5-05d6-11e1-b9fb-001d0984971a}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 19:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Technologies
[2012/07/19 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WD Spindown or Stop Utility
[2012/07/19 19:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2012/07/19 19:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2012/07/19 19:06:19 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (2)
[2012/07/19 15:47:14 | 000,000,000 | ---D | C] -- C:\Log
[2012/07/19 15:44:54 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2012/07/19 15:44:54 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
[2012/07/19 15:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix NTFS Data Recovery
[2012/07/19 15:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix NTFS Data Recovery
[2012/07/19 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\recovered
[2012/07/18 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2012/07/18 18:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2012/07/18 18:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/07/18 18:12:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/07/18 18:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/07/18 18:12:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Recuva File Recovery v1.37.488 Software
[2012/07/18 18:12:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\EASEUS.Data.Recovery.Wizard.Professional.v5.5.1.Retail-FOSI
[2012/07/18 16:30:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\dell recovery
[2012/07/16 17:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alive Text to Speech
[2012/07/16 17:48:28 | 000,491,520 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioFile.dll
[2012/07/16 17:48:27 | 000,158,208 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTTextToAudio.dll
[2012/07/16 17:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\AliveMedia
[2012/07/15 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Audacity
[2012/07/15 21:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/15 21:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA Audio Extractor
[2012/07/15 21:46:17 | 000,086,683 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2012/07/15 21:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\AoA Audio Extractor
[2012/07/15 10:29:22 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Barnes & Noble eBooks
[2012/07/15 10:29:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Barnes & Noble
[2012/07/15 10:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\Barnes & Noble
[2012/07/12 11:45:13 | 000,000,000 | ---D | C] -- C:\Users\User\dwhelper
[2012/07/12 11:37:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macrovision
[2012/07/09 22:59:23 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Camtasia Studio
[2012/07/08 18:41:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macromedia
[2012/07/06 15:24:17 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\The.AristoCats.1970.720p.BluRay.X264-AMIABLE [PublicHD]
[2012/07/03 13:02:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Red Dwarf
[2012/07/03 12:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ncesoft
[2012/07/03 12:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ncesoft
[2012/07/01 11:57:09 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\User\Desktop\ccsetup319.exe
[2012/06/27 20:15:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Origin
[2012/06/27 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Origin
[2012/06/22 16:33:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\calibre
[2012/06/22 16:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/06/22 16:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management

========== Files - Modified Within 30 Days ==========

[2012/07/19 21:05:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/19 21:05:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/19 20:59:19 | 000,026,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 20:59:19 | 000,026,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 20:50:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/19 20:48:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/19 20:47:53 | 2615,808,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/19 20:16:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169699064-3455557488-2058789409-1014UA.job
[2012/07/19 19:48:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169699064-3455557488-2058789409-1000UA.job
[2012/07/19 19:38:04 | 000,002,983 | ---- | M] () -- C:\Users\User\Desktop\WD Spindown or Stop Utility.lnk
[2012/07/19 19:11:20 | 000,000,068 | ---- | M] () -- C:\Windows\spn.INI
[2012/07/19 19:07:12 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2012/07/19 18:41:43 | 000,675,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/19 18:41:43 | 000,125,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/19 15:44:58 | 000,000,068 | ---- | M] () -- C:\Windows\Crypkey.ini
[2012/07/19 15:44:53 | 000,001,076 | ---- | M] () -- C:\Users\User\Desktop\Stellar Phoenix NTFS Data Recovery.lnk
[2012/07/19 11:16:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169699064-3455557488-2058789409-1014Core.job
[2012/07/19 04:48:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169699064-3455557488-2058789409-1000Core.job
[2012/07/18 18:24:16 | 000,000,981 | ---- | M] () -- C:\Users\User\Desktop\Notepad++.lnk
[2012/07/18 18:14:22 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/07/18 15:47:20 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 17:48:35 | 000,001,046 | ---- | M] () -- C:\Users\User\Desktop\Alive Text to Speech.lnk
[2012/07/12 10:50:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/12 10:50:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/09 23:19:30 | 000,000,632 | RHS- | M] () -- C:\Users\User\ntuser.pol
[2012/07/05 00:21:12 | 000,000,132 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/04 20:29:54 | 000,001,222 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 12:49:39 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Ncesoft Flip Book Maker.lnk
[2012/07/03 11:03:53 | 000,001,061 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/07/02 18:31:11 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/27 20:15:54 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/06/22 20:49:27 | 003,774,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/22 16:33:20 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk

========== Files Created - No Company Name ==========

[2012/07/19 19:38:04 | 000,002,983 | ---- | C] () -- C:\Users\User\Desktop\WD Spindown or Stop Utility.lnk
[2012/07/19 19:07:12 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2012/07/19 15:47:14 | 000,000,068 | ---- | C] () -- C:\Windows\spn.INI
[2012/07/19 15:44:58 | 000,000,068 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012/07/19 15:44:54 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012/07/19 15:44:54 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012/07/19 15:44:54 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012/07/19 15:44:54 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012/07/19 15:44:53 | 000,001,076 | ---- | C] () -- C:\Users\User\Desktop\Stellar Phoenix NTFS Data Recovery.lnk
[2012/07/18 19:09:54 | 000,122,192 | ---- | C] () -- C:\Users\User\Desktop\Untitled.jpg
[2012/07/18 19:09:31 | 000,139,243 | ---- | C] () -- C:\Users\User\Desktop\smfa.jpg
[2012/07/18 19:08:46 | 000,044,404 | ---- | C] () -- C:\Users\User\Desktop\d510f54b_75.pdf
[2012/07/18 19:07:59 | 000,075,158 | ---- | C] () -- C:\Users\User\Desktop\0129121530a.jpg
[2012/07/18 18:24:16 | 000,000,981 | ---- | C] () -- C:\Users\User\Desktop\Notepad++.lnk
[2012/07/18 18:14:22 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/07/18 15:47:20 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 17:48:35 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alive Text to Speech.lnk
[2012/07/16 17:48:35 | 000,001,046 | ---- | C] () -- C:\Users\User\Desktop\Alive Text to Speech.lnk
[2012/07/16 17:48:26 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012/07/09 23:24:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/09 23:18:59 | 000,000,632 | RHS- | C] () -- C:\Users\User\ntuser.pol
[2012/07/09 11:11:11 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169699064-3455557488-2058789409-1014UA.job
[2012/07/09 11:11:10 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169699064-3455557488-2058789409-1014Core.job
[2012/07/03 12:49:39 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Ncesoft Flip Book Maker.lnk
[2012/07/03 11:03:53 | 000,001,061 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/07/02 18:31:11 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/27 20:15:54 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/06/22 16:33:20 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/24 17:49:19 | 000,000,519 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/04/24 16:51:51 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/02/22 00:02:29 | 000,004,608 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/09 00:47:43 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2012/02/07 00:09:01 | 000,000,000 | ---- | C] () -- C:\Windows\winhelp.ini
[2012/02/05 12:35:21 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012/01/13 20:19:58 | 000,000,885 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2012/01/09 19:51:28 | 000,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
[2012/01/09 12:01:48 | 000,000,075 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2012/01/04 14:24:41 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/02 23:31:20 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2011/11/02 23:31:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2011/10/15 23:40:49 | 000,000,372 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/10/15 23:31:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\s.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\r.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\q.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\p.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\n.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\m.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\g.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\f.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\e.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\d.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\b.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\a.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

UPDATE 7/21/12: The computer now only boots in safe mode and goes straight to blue screen in regular mode. I'm really needing help as I use this computer for college, thanks.

Edited by guardedbyhim, 21 July 2012 - 08:48 AM.

  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, guardedbyhim! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Step 1.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=2EE48573-0B8F-47D6-B407-3CDD0499F16C&n=77ed512c&ind=2012041516&id=ZKxdm853YYus&ptnrS=ZKxdm853YYus&si=d99612c8&searchfor="
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    [2012/04/05 20:02:08 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
    O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [Macrovision] C:\Users\User\AppData\Local\Macrovision\ahjyjhxn.dll ()
    O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
    O4 - HKU\S-1-5-21-169699064-3455557488-2058789409-1000..\Run: [Sticky-Notes] C:\Program Files\Sticky-Notes\stickynotes.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O33 - MountPoints2\{86ccef12-5a48-11e1-b9eb-005056c00008}\Shell - "" = AutoRun
    O33 - MountPoints2\{86ccef12-5a48-11e1-b9eb-005056c00008}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
    O33 - MountPoints2\{d47998f5-05d6-11e1-b9fb-001d0984971a}\Shell - "" = AutoRun
    O33 - MountPoints2\{d47998f5-05d6-11e1-b9fb-001d0984971a}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun\autorun.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe
    O33 - MountPoints2\K\Shell - "" = AutoRun
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe
    O33 - MountPoints2\L\Shell - "" = AutoRun
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Autorun.exe
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\s.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\r.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\q.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\p.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\n.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\m.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\g.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\f.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\e.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\d.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\b.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 184 bytes -> C:\Users\User\Desktop\a.jpeg:3or4kl4x13tuuug3Byamue2s4b
    
    
    
    
    :files
    ipconfig /flushdns /c
    C:\Users\User\AppData\Local\Macrovision\ahjyjhxn.dll
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Try to boot into Normal mode to trun steps 2 and 3. However if you cannot then run them in Safe Mode with Networking.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 3.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 4.

Please post:

OTL fix log
aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.


Also you have at least two resident AntiViruses installed (Avast and Microsoft Security Essentials) Tell me which one you want to remove in the next post. Never run more than one it does more harm than good.
  • 0

#3
guardedbyhim

guardedbyhim

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I had to install linux on this computer because it wouldn't even start in safe mode. I lost everything. I'm a college student and I do three summer classes online. I appreciate the time you took to do eveything. I'm sorry I wasted your time. Thanks though.
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
If you need help later going back to windows let us know!

Regards.

CompCav
  • 0

#5
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP