CPU near 100%, Can't uninstall VPN [Solved]


  • This topic is locked

#1
dave423

  • Member
  • 62 posts
I've been using my netbook on hotel and airport WiFi. I've also downloaded some Wheeler Dealer episodes from Gorillavid, which also downloaded some nasties. I should have checked to see if Gorillavid was a suspicious site, but I didn't. I cleaned my computer with Microsoft Security Essentials and then Malwarebytes, but the CPU still seems to be much busier than normal. I also installed Privitize VPN, which I later tried to uninstall, but bits of it still seem to be lingering around. Also, there's a red x on my internet access icon. I don't know what I've done, but it is all my fault. I would appreciate any help you can give me to get my netbook back to normal. Here's my OTL scan:

OTL logfile created on: 10/8/2012 7:55:05 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elrod\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.36% Memory free
3.98 Gb Paging File | 2.72 Gb Available in Paging File | 68.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.86 Gb Total Space | 144.41 Gb Free Space | 64.80% Space Free | Partition Type: NTFS
Drive F: | 3.68 Gb Total Space | 0.00 Gb Free Space | 0.12% Space Free | Partition Type: FAT32

Computer Name: ELROD-PC | User Name: Elrod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 07:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elrod\Desktop\OTL(2).exe
PRC - [2012/09/24 08:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/09/24 08:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/09/24 08:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 18:28:18 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/29 18:49:12 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\program\soffice.bin
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/21 16:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2011/10/21 16:08:34 | 000,724,352 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
PRC - [2011/07/29 05:43:58 | 000,737,104 | ---- | M] (ecareme) -- C:\Program Files\ASUS\Asus WebStorage\3.0.108.222\AsusWSPanel.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/11/10 20:07:50 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/10/26 18:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/10/17 01:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/09/25 15:04:10 | 000,115,888 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SystemSetting\WallPaperAgent.exe
PRC - [2009/09/11 15:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/27 19:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/08/18 21:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/07 18:26:16 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/29 18:49:09 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\program\libxml2.dll
MOD - [2012/08/10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files\program\libxslt.dll
MOD - [2012/06/15 03:46:04 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/15 03:39:20 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 03:38:51 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/10 03:56:46 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 03:47:37 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/10 03:46:38 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 03:46:23 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 03:46:20 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:45:48 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010/09/04 02:47:48 | 000,028,672 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\3.0.108.222\AxInterop.ShockwaveFlashObjects.dll
MOD - [2010/09/02 07:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\3.0.108.222\AsusWSShellExt.dll


========== Services (SafeList) ==========

SRV - [2012/09/24 08:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/09/24 08:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/09/21 07:33:37 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 18:28:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 16:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/12/21 16:14:46 | 000,413,696 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV - [2009/08/18 21:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/10/08 05:46:31 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45BAEEEC-3E3D-42CA-BFCE-80DE4379F9CE}\MpKsl852f03d7.sys -- (MpKsl852f03d7)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/06/24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/12/16 10:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/22 17:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/12/21 16:14:44 | 000,043,008 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV - [2009/12/21 14:14:26 | 000,061,952 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp)
DRV - [2009/11/13 13:47:50 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/08/13 11:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/20 05:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:29 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2009/07/05 22:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2007/12/18 01:17:52 | 000,033,792 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2a.sys -- (TASCAM_US122L_WDM)
DRV - [2007/12/18 01:17:52 | 000,018,944 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2m.sys -- (TASCAM_US122L_MIDI)
DRV - [2007/12/18 01:17:50 | 000,360,448 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV - [2007/04/23 14:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt)
DRV - [2007/04/23 14:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 14:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 14:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 14:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{5E3C9DBF-4472-4655-AC7D-9B3FB40AE05B}: "URL" = ${SEARCH_URL}{searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {5E3C9DBF-4472-4655-AC7D-9B3FB40AE05B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7E4B93EA-E51F-4FB5-9BF3-B84253EAC201}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.2.6
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.3
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5.112
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.privit....com/?aff=7&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Elrod\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Elrod\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elrod\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elrod\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 18:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 18:26:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 18:28:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 18:26:06 | 000,000,000 | ---D | M]

[2010/09/19 09:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elrod\AppData\Roaming\Mozilla\Extensions
[2012/09/20 21:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elrod\AppData\Roaming\Mozilla\Firefox\Profiles\a3eow021.default\extensions
[2011/08/24 21:26:52 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Elrod\AppData\Roaming\Mozilla\Firefox\Profiles\a3eow021.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/03 21:57:34 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Elrod\AppData\Roaming\Mozilla\Firefox\Profiles\a3eow021.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/07/10 16:39:27 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Users\Elrod\AppData\Roaming\Mozilla\Firefox\Profiles\a3eow021.default\extensions\[email protected]
[2010/09/23 22:00:12 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Elrod\AppData\Roaming\Mozilla\Firefox\Profiles\a3eow021.default\extensions\[email protected]
[2011/07/12 20:28:57 | 000,201,169 | ---- | M] () (No name found) -- C:\Users\Elrod\AppData\Roaming\Mozilla\Firefox\Profiles\a3eow021.default\extensions\[email protected]
[2012/07/24 21:00:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Elrod\AppData\Roaming\Mozilla\Firefox\Profiles\a3eow021.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/03 19:30:44 | 000,257,937 | ---- | M] () (No name found) -- C:\Users\Elrod\AppData\Roaming\Mozilla\Firefox\Profiles\a3eow021.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010/09/19 20:45:29 | 000,001,820 | ---- | M] () -- C:\Users\Elrod\AppData\Roaming\Mozilla\Firefox\Profiles\a3eow021.default\searchplugins\bing.xml
[2012/09/07 18:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 18:26:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 18:28:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/31 20:52:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/31 20:52:43 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.privitize.com/?aff=7
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.privitize.com/?aff=7
CHR - Extension: No name found = C:\Users\Elrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (CouponDropDown) - {11111111-1111-1111-1111-110011431152} - C:\Program Files\CouponDropDown\CouponDropDown.dll (215 Apps)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\ASUS\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EEESplendidAR] C:\Program Files\ASUS\EPC\EeeSplendid\AutoRun.exe ()
O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe File not found
O4 - HKCU..\Run: [Spyware Doctor] C:\Users\Elrod\Desktop\sdsetup.exe -min File not found
O4 - Startup: C:\Users\Elrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyrid...pplets/sync.cab (SyncXfer Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B50F49B-3C7C-4E32-84E2-041ABD8D1A10}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{832819E6-AAFE-4C5A-A0A7-775D1D05C1A4}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Program Files\asus\SystemSetting\WallPaperAgent.exe) - C:\Program Files\ASUS\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c8f53c0-b1cd-11df-8438-0015832e5731}\Shell - "" = AutoRun
O33 - MountPoints2\{7c8f53c0-b1cd-11df-8438-0015832e5731}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 07:44:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elrod\Desktop\OTL(2).exe
[2012/10/08 06:38:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012/10/08 06:33:12 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/10/08 06:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\URE
[2012/10/08 06:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2012/10/08 06:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\share
[2012/10/08 06:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\program
[2012/10/08 06:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Basis
[2012/10/08 06:23:15 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/10/08 06:07:25 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\Secunia PSI
[2012/10/08 06:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/10/07 19:36:44 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{D467FCD9-EB39-4088-8D18-4DBDC5AC88AA}
[2012/10/07 01:18:28 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{3465D8B4-7959-4AD8-B5D9-5FBB1DE554BC}
[2012/10/06 17:31:55 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{E3487128-E252-4012-8BB4-EDB05EA3B851}
[2012/10/06 10:55:40 | 000,000,000 | ---D | C] -- C:\Users\Elrod\Desktop\funnies
[2012/10/05 19:19:13 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{1C358EDF-8615-4E1F-A265-4D7EFB85BD85}
[2012/10/05 06:18:08 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{7D93E4BB-4B99-4AA9-9F46-EB77136EA4B1}
[2012/10/04 12:33:11 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{8911D401-1D34-4793-A5D1-DFF99859B6C8}
[2012/10/04 08:33:21 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{D698E97D-280E-4DAF-8E77-7544A3AE1355}
[2012/10/03 19:30:21 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{EA2F54A4-3A9C-4910-913C-3146FE39DB97}
[2012/10/02 21:33:13 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{2D7C202B-9CFE-4CF8-A073-0E903CBAD043}
[2012/10/02 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{DA02F805-9216-45EB-8320-EFA24C965E32}
[2012/10/02 19:13:08 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{B1054E83-7626-4640-A03B-C7B50DEB9B57}
[2012/10/01 20:30:24 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{7683B3C8-3A76-4E18-9FD0-5F74D793E54B}
[2012/09/30 11:30:13 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{638193E4-F987-4C39-98D2-E99DA579DADA}
[2012/09/29 20:59:27 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{688F8924-B916-4792-9C63-6850BCDF94CC}
[2012/09/29 19:20:10 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{C9F79F64-BC9C-423C-AF08-A6D392A6F57F}
[2012/09/29 19:10:00 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{06F2A771-633F-4D7C-BDC9-5B931C56A202}
[2012/09/28 22:22:07 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{9AB8B011-37A5-48AF-ADF4-CE4B564E3424}
[2012/09/27 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{94B87501-3A78-4F92-9E96-55982BF9B989}
[2012/09/27 00:23:21 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{14ABDDCE-AC5A-4FDC-9018-EE5F08327669}
[2012/09/26 07:23:05 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{6543D672-CD55-48E9-956B-6C3C2D7FD0BB}
[2012/09/25 17:12:59 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{49A0717B-98E2-401D-90DB-BE4F4A33BC2F}
[2012/09/24 18:42:44 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{D0F9870C-8E48-4859-A2F6-30A04BA58001}
[2012/09/23 20:37:57 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{3D4612C0-81D5-49E0-BC18-144E42706576}
[2012/09/23 00:20:35 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{0689E992-5BB1-4111-9C1A-E8941C75E77A}
[2012/09/22 09:58:44 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{4B21E8DB-D45E-4F73-8353-5B4DB0BD4DC3}
[2012/09/22 04:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/09/22 04:30:40 | 000,000,000 | ---D | C] -- C:\98b081530bae09eb1c
[2012/09/21 21:34:44 | 000,000,000 | R--D | C] -- C:\Users\Elrod\Documents\Scanned Documents
[2012/09/21 21:34:43 | 000,000,000 | ---D | C] -- C:\Users\Elrod\Documents\Fax
[2012/09/21 07:45:15 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{94E535C6-D9FC-4F8F-86FB-0A81830E293C}
[2012/09/20 19:44:49 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{52AC5680-23EE-4B9B-9799-54BDBDC59D2B}
[2012/09/19 19:56:14 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{05073FE9-A88F-445B-9837-E5809695BEBF}
[2012/09/18 20:23:53 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{95B69C1C-C7F9-4B73-AB4F-73D3E7E20998}
[2012/09/18 07:55:50 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{FE8DBEE9-4264-4D91-A46D-B7498782A1F9}
[2012/09/17 09:06:26 | 000,000,000 | ---D | C] -- C:\Users\Elrod\My Downloads
[2012/09/17 09:03:24 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Roaming\FreeTorrentViewer
[2012/09/17 08:54:33 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\CouponDropDown
[2012/09/17 08:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\CouponDropDown
[2012/09/17 07:00:59 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{0AD7216C-EB05-4C0F-A275-80C0488E3EE1}
[2012/09/16 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{9EEC8345-9244-4E32-AEAF-AA6F4C70DDE7}
[2012/09/15 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{C1B7A0AE-05BF-42F7-B8C3-EADF0F1DF136}
[2012/09/15 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\Elrod\Documents\Wheeler Dealers Season 1
[2012/09/15 06:06:28 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{2FBD228A-7E77-4E75-9F6C-A6E7A8B254E6}
[2012/09/14 21:17:54 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{85202B37-2605-40CC-89D4-5A0AF49A45A1}
[2012/09/13 19:51:33 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{2FC71FCD-7C66-4283-BD82-58748140C8FB}
[2012/09/11 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{C4E5C3BE-0AA4-4B8E-9548-40400C870DBC}
[2012/09/11 06:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/09/11 06:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/09/10 19:24:22 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{EB031AB9-CDFF-4F59-963F-F2FCE3D36088}
[2012/09/09 09:05:48 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{1E9AD908-6D05-4207-9F90-60E1E663D8A1}
[2012/09/09 03:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/09 03:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/08 12:15:36 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{8DF4845B-C91D-4F32-A5BE-45A97D1CA0D8}
[2012/09/08 08:41:50 | 000,000,000 | ---D | C] -- C:\Users\Elrod\AppData\Local\{10AE22DF-AE42-4676-BD8F-75591DCE7EA4}

========== Files - Modified Within 30 Days ==========

[2012/10/08 07:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elrod\Desktop\OTL(2).exe
[2012/10/08 07:45:02 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3943647301-1139218821-2754288306-1000UA.job
[2012/10/08 07:33:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/08 07:06:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/08 06:37:47 | 000,001,006 | ---- | M] () -- C:\Users\Elrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/10/08 06:33:12 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/10/08 06:09:05 | 000,001,068 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/10/08 05:55:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 05:55:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 05:51:15 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/10/08 05:51:15 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/10/08 05:46:36 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/08 05:46:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/08 05:46:05 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 09:45:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3943647301-1139218821-2754288306-1000Core.job
[2012/10/05 22:09:20 | 003,080,038 | ---- | M] () -- C:\Users\Elrod\Desktop\SAM_0637.JPG
[2012/10/05 07:04:34 | 000,007,585 | ---- | M] () -- C:\Users\Elrod\AppData\Local\Resmon.ResmonCfg
[2012/10/05 03:02:31 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/19 20:08:15 | 000,000,062 | ---- | M] () -- C:\Users\Elrod\Desktop\Gmail.URL
[2012/09/18 09:28:16 | 000,016,513 | ---- | M] () -- C:\Users\Elrod\Documents\MEDS.odt
[2012/09/16 21:54:00 | 000,000,288 | ---- | M] () -- C:\Users\Elrod\AppData\Roaming\.backup.dm
[2012/09/16 07:04:20 | 000,007,919 | ---- | M] () -- C:\Users\Elrod\Desktop\Wheeler Dealers - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/10/08 06:37:47 | 000,001,006 | ---- | C] () -- C:\Users\Elrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/10/08 06:33:12 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/10/08 06:07:16 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/10/08 06:07:16 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/09/19 20:08:15 | 000,000,062 | ---- | C] () -- C:\Users\Elrod\Desktop\Gmail.URL
[2012/09/16 21:54:00 | 000,000,288 | ---- | C] () -- C:\Users\Elrod\AppData\Roaming\.backup.dm
[2012/09/16 07:04:20 | 000,007,919 | ---- | C] () -- C:\Users\Elrod\Desktop\Wheeler Dealers - Shortcut.lnk
[2012/08/13 10:57:00 | 000,012,927 | ---- | C] () -- C:\Program Files\readme.html
[2012/05/08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2011/09/13 21:42:15 | 000,141,077 | ---- | C] () -- C:\windows\hpwins27.dat
[2011/09/13 21:42:15 | 000,000,385 | ---- | C] () -- C:\windows\hpwmdl27.dat
[2011/04/26 09:11:19 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/04/26 09:11:19 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2010/08/29 18:49:51 | 000,002,134 | ---- | C] () -- C:\Users\Elrod\.recently-used.xbel
[2010/08/22 07:15:25 | 000,007,585 | ---- | C] () -- C:\Users\Elrod\AppData\Local\Resmon.ResmonCfg
[2010/07/26 10:23:46 | 000,374,427 | ---- | C] () -- C:\Users\Elrod\Garmin Communicator - download to gps.mht
[2010/07/25 22:12:23 | 001,893,241 | ---- | C] () -- C:\Users\Elrod\TERMDIRECTORY070110generic.pdf
[2010/07/17 17:38:11 | 001,551,712 | ---- | C] () -- C:\Users\Elrod\ShowerHandbook-ENG09.pdf
[2010/07/17 17:26:33 | 002,190,806 | ---- | C] () -- C:\Users\Elrod\DitraHandbook.pdf
[2010/07/14 21:08:57 | 001,336,327 | ---- | C] () -- C:\Users\Elrod\2675_OwnersManual.pdf
[2010/07/10 20:24:44 | 000,761,500 | ---- | C] () -- C:\Users\Elrod\Home is Where the Heart is ~ 5x7 Bathroom Redo ~.mht
[2010/06/25 07:51:23 | 000,000,136 | ---- | C] () -- C:\Users\Elrod\attfivestar.url
[2010/05/29 20:37:39 | 001,341,562 | ---- | C] () -- C:\Users\Elrod\MotoW385_Manual.pdf
[2010/03/01 05:48:09 | 000,005,120 | ---- | C] () -- C:\Users\Elrod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 02:26:09 | 000,033,134 | ---- | C] () -- C:\Users\Elrod\AppData\Roaming\UserTile.png
[2010/02/26 11:44:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/24 09:21:43 | 000,000,256 | ---- | C] () -- C:\Users\Elrod\AppData\Roaming\wklnhst.dat
[2009/11/10 19:49:39 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/28 22:19:08 | 000,000,000 | -HSD | M] -- C:\Users\Elrod\AppData\Roaming\.#
[2010/03/20 07:14:39 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\Asus
[2012/10/08 06:50:57 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\Asus WebStorage
[2012/10/04 16:04:17 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\Audacity
[2011/12/05 03:43:49 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\FileOpen
[2012/09/17 09:06:26 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\FreeTorrentViewer
[2011/01/10 23:20:14 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\GARMIN
[2010/08/29 18:49:51 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\gtk-2.0
[2011/10/15 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\IrfanView
[2010/03/11 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\OpenOffice.org
[2010/12/10 20:40:57 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\OverDrive
[2012/03/26 07:26:27 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\Rovio
[2012/06/28 08:58:51 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\Synaptics
[2011/04/07 06:48:56 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\Teleca
[2011/06/08 17:49:39 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\Template
[2010/11/09 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\Elrod\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 961 bytes -> C:\Users\Elrod\Documents\FW_ Payroll Update_ 2010 Electronic W-2 (eW-2).eml:OECustomProperty
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:50DD4118
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B623B5B8

< End of report >

Thanks again for any help you can give me.

Sincerely,
Dave423

#2
dave423

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
I used SuperAnti Spyware and it found a lot of adware and some other problems, then cleared everything up. Thanks for being there. Just reading the forums is a terrific help. You can mark this one solved. Once again, thanks.

Dave423

#3
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.