Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan.Zbot virus help [Solved]


  • This topic is locked This topic is locked

#16
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Hi Diedre,
In the Kaspersky report, I was really looking for information about the files it picked up. Perhaps if you open the report you can copy/paste the info I need into another post. I don't have Kaspersky myself, but maybe the info on this page will help you find the full report that I would like to see. I am interested in the two detections, Trojan-Downloader.Win32.Genome.ddxs and PDM.Keylogger
I need to know what the files were, and where they are located.
Posted Image
In the grapic above, you can see that the file info is down on the bottom listed as Object:
That would be the info I am interested in, full path (C:\directory) and file name.

Since the repair tool from tweaking.com did not work, I would like you to try a different repair tool.
Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    
  • Then click the Run Fix button at the top
Step 2
Please download Complete Internet Repair from here, download the file to your desktop, then double click it and extract all the files to a folder of your choice.

Temporarily disable WinPatrol(so it will not hinder the fix below, it will automatically start after the system reboot):-

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program.

Next, run the main executable file (usually, " CIntRep.exe") in the newly extracted folder. I think you will want to right click this file and select Run as Administrator
Please select ONLY Repair Internet Explorer 9.xx.xxxx
Press the Go button.

After the program finished, please try the browser once again.

My availability will be a little limited over the Thanksgiving holiday. I won't leave you hanging, I'll just be around a little less.
  • 0

Advertisements


#17
Diedre

Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello Crowbar,

Sorry I took so long to get back to you but my pc has been difficult to deal with and super slow. Before only IE9 was crashing and not responding, now other programs are doing the same. It seems like if I run Ccleaner, programs respond and open a little quicker. I tried to get a more complete log from Kaspersky but all it showed when I looked for a list of threats or quarantined items was a list of items it has scanned and nothing more. Late last night I found where the trojan was and I deleted it in a temp folder. My subscription to Kaspersky was expiring and I had a free six month trial of Pure so I went ahead and installed it. Only then did I get a list of quarantined items but only for today's date.

I tried the IE9 repair and it didn't make a difference so in desperation I found and downloaded a preview of IE10 which replaced the 32 and 64 bit versions of IE9 I had. It is now running better than before, but its still freezing way too much and so is everything else.


Is there a Windows Repairer out there that can get my machine running better again?



Date: Today (events: 14)
EICAR-Test-File Deleted 11/24/2012 6:59:25 PM
is-pvhqg.tmp Quarantined 11/24/2012 6:59:25 PM
is-fpemv.tmp Quarantined 11/24/2012 6:59:25 PM
is-pdi0c.tmp Quarantined 11/24/2012 6:59:25 PM
_shfoldr.dll Quarantined 11/24/2012 6:59:25 PM
is-5pc8c.tmp Quarantined 11/24/2012 6:59:25 PM
not-a-virus:HEUR:AdWare.Win32.ScreenSaver.heur Deleted 11/24/2012 6:59:25 PM
UDS:DangerousObject.Multi.Generic Quarantined 11/24/2012 6:59:20 PM
is-8d163.tmp Quarantined 11/24/2012 6:59:20 PM
is-8jhjv.tmp Quarantined 11/24/2012 6:59:20 PM
is-1uj8a.exe Quarantined 11/24/2012 6:59:20 PM
_regdll.tmp Quarantined 11/24/2012 6:59:20 PM
is-cv9rj.tmp Quarantined 11/24/2012 6:59:20 PM
_setup64.tmp Quarantined 11/24/2012 6:59:20 PM
  • 0

#18
Diedre

Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
:surrender:

Edited by Diedre, 24 November 2012 - 09:02 PM.

  • 0

#19
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Hi Diedre,

I am seeing Kaspersky flagging mostly temp files.
Let's try this stategy, I would like you to uninstall Kaspersky and re-install it. If your kaspersky subscription is about to run out anyways, would you be willing to install a different anti-virus?
If you are keeping Kaspersky -
Make sure you have your install CD handy, if you installed it that way. You can upgrade to the 2013 package for free, so I recommend going that route, or you can download a fresh copy of 2012 from this page here
Step 1
Uninstall Kaspersky Internet Security 2012 - there are very detailed instructions on their website here If you are reinstalling Kaspersky then it's important to Keep activation data don't miss this step.

Now if you are keeping Kaspersky, please reinstall the program. Here is a Kaspersky guide for this process

If you decide on a different AV product, I would recommend one of these 3 (did I mention that they are free?): (but make sure to only install ONE anti-virus)


Step 2
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select the All Users box, then go to the Extra Registry section and select Use Safe List
  • Click the Run Scan button. Do not change any other settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#20
Diedre

Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello Crowbar,

I reinstalled Kaspersky Pure for now. I have used a lot of anti virus programs and sooner or later a virus gets by them. I don't know of a program that catches all threats all of the time.




OTL logfile created on: 11/27/2012 11:29:40 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\IE NET\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 27.67% Memory free
5.98 Gb Paging File | 2.03 Gb Available in Paging File | 33.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 77.22 Gb Free Space | 51.84% Space Free | Partition Type: NTFS
Drive D: | 574.94 Mb Total Space | 566.43 Mb Free Space | 98.52% Space Free | Partition Type: UDF

Computer Name: DIEDRESCOMPUTER | User Name: IE NET | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 13:59:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IE NET\Desktop\OTL.exe
PRC - [2012/10/14 14:29:46 | 029,378,432 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2012/09/19 23:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/09/05 18:09:32 | 003,474,888 | ---- | M] (Webshots.com) -- C:\Program Files (x86)\Webshots\3.1.5.7620\Webshots.scr
PRC - [2012/08/09 13:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 12:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2011/02/24 11:59:08 | 002,000,712 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 16:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/12/24 12:22:20 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2011/12/24 12:22:20 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2011/12/24 12:22:16 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2011/12/24 12:22:16 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2011/12/24 12:22:14 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2011/12/24 12:22:12 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2011/12/24 12:21:10 | 000,459,152 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV - [2012/11/19 16:11:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/19 05:10:58 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/09/19 05:10:54 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/08/09 13:02:26 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 12:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/20 11:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxblcoms.exe -- (lxbl_device)


========== Driver Services (SafeList) ==========

DRV - [2012/08/29 15:42:28 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://btsearch.name"
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledAddons: {B1FC07E1-E05B-4567-8891-E63FBE545BA8}:1.2.0
FF - prefs.js..keyword.URL: "http://btsearch.name...results.php?q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/19 21:31:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/11/12 15:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1FC07E1-E05B-4567-8891-E63FBE545BA8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/11/23 16:29:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/19 21:31:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/11/27 02:54:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/11/27 02:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/11/27 02:54:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 17:18:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/20 14:36:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRA~2\YOUTUB~1\YouTube Downloader.xpi

[2012/11/02 17:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Extensions
[2012/11/09 18:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/11/12 17:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\6t79x38f.default-1352143406514\extensions
[2012/11/09 18:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/19 21:31:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/11/23 16:29:24 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/19 21:31:35 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/09 18:33:56 | 000,002,265 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Custom search.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - Extension: Google Search = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\
CHR - Extension: Ella Moss = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\klghmpijngbhkpcnbdjpdbognohonimk\2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: My Chrome Theme = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\1.1.0_0\
CHR - Extension: Gmail = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/11 14:46:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004..\Run: [iDailyDiary] C:\iDailyDiary\iDD.exe ()
O4 - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004..\Run: [Kaspersky Anti-Virus] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7620\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5837953-A1AE-4CDC-BDB3-26E6A8C8906C}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/27 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2012/11/27 00:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2012/11/27 00:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/11/27 00:04:39 | 000,000,000 | --SD | C] -- C:\Users\IE NET\Documents\Passwords Database
[2012/11/26 19:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2012/11/26 19:06:19 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
[2012/11/25 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\Skinux
[2012/11/25 14:02:14 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/11/25 14:01:58 | 000,000,000 | ---D | C] -- C:\Intel
[2012/11/25 13:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012/11/25 13:58:01 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\SystemRequirementsLab
[2012/11/24 22:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/24 19:02:03 | 000,000,000 | R--D | C] -- C:\Backup
[2012/11/23 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\IE NET\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012/11/23 16:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2012/11/23 16:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012/11/23 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\RealNetworks
[2012/11/22 22:24:11 | 000,000,000 | ---D | C] -- C:\Users\IE NET\Documents\New folder
[2012/11/22 19:46:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/22 17:04:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/22 16:04:17 | 000,000,000 | ---D | C] -- C:\Users\IE NET\Documents\My Extracted Files
[2012/11/22 15:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitZipper
[2012/11/22 11:42:17 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2012/11/22 11:42:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/11/22 11:42:11 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2012/11/22 11:42:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/11/22 11:42:11 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/11/22 11:42:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/11/22 11:42:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/11/22 11:42:09 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/22 11:42:07 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/11/22 11:41:53 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/22 11:41:53 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/11/22 11:41:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/22 11:41:51 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/11/22 11:41:51 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/11/22 11:41:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/11/22 11:41:50 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/11/22 11:41:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/11/22 11:41:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/11/22 11:41:39 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/22 11:41:31 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/11/22 11:41:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/11/22 11:41:29 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/11/22 11:41:28 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/11/22 11:41:27 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/22 11:41:25 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/22 11:41:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/11/22 11:41:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/11/22 11:41:25 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/11/22 11:41:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/11/22 11:30:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2012/11/22 11:30:00 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2012/11/22 11:30:00 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2012/11/22 11:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2012/11/22 11:29:59 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2012/11/22 11:29:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2012/11/22 11:29:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2012/11/22 11:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2012/11/22 11:29:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2012/11/22 11:29:48 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/11/22 11:29:47 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/11/22 11:29:45 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2012/11/22 11:29:44 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2012/11/22 11:29:41 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2012/11/22 11:29:36 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2012/11/19 21:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/11/19 21:31:53 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/11/19 21:31:29 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/11/19 21:31:29 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/11/19 21:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/11/19 21:31:28 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/11/19 20:51:45 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/11/17 10:49:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/15 13:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/11/14 13:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/11/14 00:49:10 | 000,000,000 | ---D | C] -- C:\68c7ae2128a409909c
[2012/11/14 00:22:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/14 00:22:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/14 00:22:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/14 00:22:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/14 00:20:31 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/12 15:41:48 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\DDMSettings
[2012/11/12 15:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/11/12 15:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/11/11 16:28:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/11 16:28:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/11 16:28:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/11 16:28:18 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/11 16:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/11/11 15:59:00 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/11 15:59:00 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/11 14:32:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/11 14:32:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/11 14:32:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/11 14:32:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/11 14:32:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/11 14:31:30 | 005,002,404 | ---- | C] (Swearware) -- C:\Users\IE NET\Desktop\ComboFix.exe
[2012/11/10 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
[2012/11/10 12:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/11/09 10:02:32 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\f-secure
[2012/11/09 10:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/11/08 17:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/11/07 22:04:08 | 000,000,000 | ---D | C] -- C:\found.000
[2012/11/06 23:47:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/11/06 18:10:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/06 06:34:55 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/11/03 13:59:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\IE NET\Desktop\OTL.exe
[2012/11/03 12:55:51 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\QuickScan
[2012/11/02 17:39:25 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\Macromedia
[2012/11/02 17:18:56 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\Mozilla
[2012/11/02 17:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/02 17:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/02 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/02 13:16:08 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\WinPatrol
[2012/11/02 13:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/11/02 13:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/11/02 13:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/11/02 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/11/01 22:19:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%Report%
[2012/11/01 16:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/01 13:31:06 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\Malwarebytes
[2012/11/01 10:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/31 23:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012/10/31 23:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2012/10/31 23:12:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/10/31 22:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/31 18:30:35 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/31 18:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/31 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\IE NET\Documents\SRM
[2012/10/31 15:30:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/10/31 15:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2012/10/31 15:15:27 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\SlimWare Utilities Inc
[2012/10/30 16:43:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/10/30 13:54:26 | 000,000,000 | ---D | C] -- C:\ldiag
[2012/10/30 13:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2012/10/30 13:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2012/10/30 13:37:43 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\LSC
[2012/10/30 13:28:27 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\LSC
[2012/10/29 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel

========== Files - Modified Within 30 Days ==========

[2012/11/27 11:26:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/27 11:15:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/27 08:30:36 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/27 08:29:53 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/11/27 08:17:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 19:06:19 | 000,002,935 | ---- | M] () -- C:\Users\IE NET\Desktop\Reflect.lnk
[2012/11/26 12:24:23 | 003,044,188 | ---- | M] () -- C:\Users\IE NET\Desktop\Performance Report.html
[2012/11/24 11:30:02 | 000,001,140 | ---- | M] () -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2012/11/23 16:10:58 | 000,001,137 | ---- | M] () -- C:\Users\IE NET\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/11/22 11:42:17 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2012/11/22 11:42:16 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/11/22 11:42:11 | 000,718,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2012/11/22 11:42:11 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/11/22 11:42:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/11/22 11:42:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/11/22 11:42:10 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/11/22 11:42:09 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/22 11:42:07 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/11/22 11:41:53 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/22 11:41:53 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/11/22 11:41:52 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/22 11:41:51 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/11/22 11:41:51 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/11/22 11:41:51 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/11/22 11:41:50 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/11/22 11:41:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/11/22 11:41:47 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/11/22 11:41:39 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/22 11:41:31 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/11/22 11:41:31 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/11/22 11:41:30 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/11/22 11:41:28 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/11/22 11:41:28 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/22 11:41:26 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/22 11:41:25 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/11/22 11:41:25 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/11/22 11:41:25 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/11/22 11:41:22 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/11/22 11:41:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/11/22 11:30:02 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2012/11/22 11:30:00 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2012/11/22 11:30:00 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2012/11/22 11:30:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2012/11/22 11:30:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2012/11/22 11:29:59 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2012/11/22 11:29:57 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2012/11/22 11:29:56 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2012/11/22 11:29:54 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2012/11/22 11:29:48 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/11/22 11:29:47 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/11/22 11:29:46 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2012/11/22 11:29:44 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2012/11/22 11:29:42 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2012/11/22 11:29:36 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2012/11/20 12:04:11 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/11/19 21:31:53 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/11/19 21:31:29 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/11/19 21:31:29 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/11/19 21:31:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/11/19 16:11:08 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/19 16:11:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/17 11:22:53 | 000,061,440 | ---- | M] ( ) -- C:\Users\IE NET\Desktop\VEW.exe
[2012/11/17 10:34:43 | 005,002,404 | ---- | M] (Swearware) -- C:\Users\IE NET\Desktop\ComboFix.exe
[2012/11/15 08:46:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/12 20:04:35 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg
[2012/11/12 20:04:35 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg
[2012/11/12 16:01:06 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3423992899-3802321084-3640386065-1004.job
[2012/11/11 16:28:00 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/11 16:28:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/11 16:28:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/11 16:28:00 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/11 16:27:59 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/11/11 16:27:59 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/11/09 18:33:56 | 000,000,034 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/09 11:26:25 | 000,666,112 | ---- | M] () -- C:\Users\IE NET\Desktop\RogueKiller.exe
[2012/11/09 02:33:50 | 000,109,482 | ---- | M] () -- C:\Users\IE NET\AppData\Local\ars.cache
[2012/11/09 00:51:20 | 000,842,432 | ---- | M] () -- C:\Users\IE NET\AppData\Local\census.cache
[2012/11/07 13:33:18 | 000,541,569 | ---- | M] () -- C:\Users\IE NET\Desktop\AdwCleaner.exe
[2012/11/06 13:14:37 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012/11/05 23:53:55 | 000,000,036 | ---- | M] () -- C:\Users\IE NET\AppData\Local\housecall.guid.cache
[2012/11/03 13:59:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IE NET\Desktop\OTL.exe
[2012/11/01 21:32:21 | 000,000,017 | ---- | M] () -- C:\Users\IE NET\AppData\Local\resmon.resmoncfg

========== Files Created - No Company Name ==========

[2012/11/26 19:06:19 | 000,002,935 | ---- | C] () -- C:\Users\IE NET\Desktop\Reflect.lnk
[2012/11/26 13:07:30 | 003,044,188 | ---- | C] () -- C:\Users\IE NET\Desktop\Performance Report.html
[2012/11/25 17:07:28 | 000,001,140 | ---- | C] () -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2012/11/22 11:41:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/11/17 11:22:52 | 000,061,440 | ---- | C] ( ) -- C:\Users\IE NET\Desktop\VEW.exe
[2012/11/12 18:08:42 | 000,008,107 | ---- | C] () -- C:\Windows\w7dsd.reg
[2012/11/12 18:08:42 | 000,008,089 | ---- | C] () -- C:\Windows\w7dse.reg
[2012/11/11 15:59:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/11 14:32:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/11 14:32:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/11 14:32:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/11 14:32:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/11 14:32:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/09 18:28:24 | 000,000,034 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/09 11:26:20 | 000,666,112 | ---- | C] () -- C:\Users\IE NET\Desktop\RogueKiller.exe
[2012/11/07 13:33:07 | 000,541,569 | ---- | C] () -- C:\Users\IE NET\Desktop\AdwCleaner.exe
[2012/11/06 00:01:49 | 000,842,432 | ---- | C] () -- C:\Users\IE NET\AppData\Local\census.cache
[2012/11/06 00:01:40 | 000,109,482 | ---- | C] () -- C:\Users\IE NET\AppData\Local\ars.cache
[2012/11/05 23:53:55 | 000,000,036 | ---- | C] () -- C:\Users\IE NET\AppData\Local\housecall.guid.cache
[2012/11/02 17:18:37 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/01 22:26:55 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3423992899-3802321084-3640386065-1004.job
[2012/11/01 21:32:21 | 000,000,017 | ---- | C] () -- C:\Users\IE NET\AppData\Local\resmon.resmoncfg
[2012/11/01 10:11:10 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012/10/31 23:13:10 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/09 18:12:06 | 000,000,125 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/06 21:12:22 | 000,017,408 | ---- | C] () -- C:\Users\IE NET\AppData\Local\WebpageIcons.db
[2011/08/06 12:32:52 | 000,011,776 | ---- | C] () -- C:\Users\IE NET\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 13:04:00 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblinpa.dll
[2011/05/14 13:04:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxblcomx.dll
[2011/05/14 13:04:00 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBLinst.dll
[2011/05/14 13:03:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpmui.dll
[2011/05/14 13:03:59 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbliesc.dll
[2011/05/14 13:03:57 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblusb1.dll
[2011/05/14 13:03:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblserv.dll
[2011/05/14 13:03:56 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblppls.exe
[2011/05/14 13:03:56 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblprox.dll
[2011/05/14 13:03:55 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbllmpm.dll
[2011/05/14 13:03:55 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblih.exe
[2011/05/14 13:03:55 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpplc.dll
[2011/05/14 13:03:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblhbn3.dll
[2011/05/14 13:03:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomc.dll
[2011/05/14 13:03:53 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcoms.exe
[2011/05/14 13:03:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomm.dll
[2011/05/14 13:03:52 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcfg.exe
[2011/04/30 21:01:41 | 000,001,481 | ---- | C] () -- C:\Users\IE NET\.recently-used.xbel
[2011/03/30 11:28:26 | 000,874,552 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/22 19:09:24 | 000,000,114 | -H-- | C] () -- C:\Users\IE NET\AppData\Local\tokdet56.dat
[2011/03/13 18:55:40 | 000,000,632 | RHS- | C] () -- C:\Users\IE NET\ntuser.pol
[2011/03/07 15:40:34 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2011/03/07 15:40:33 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 11/27/2012 11:29:40 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\IE NET\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 27.67% Memory free
5.98 Gb Paging File | 2.03 Gb Available in Paging File | 33.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 77.22 Gb Free Space | 51.84% Space Free | Partition Type: NTFS
Drive D: | 574.94 Mb Total Space | 566.43 Mb Free Space | 98.52% Space Free | Partition Type: UDF

Computer Name: DIEDRESCOMPUTER | User Name: IE NET | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3423992899-3802321084-3640386065-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0619C1B7-B15A-4ABD-90F2-F4E96368ABCF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FF28CD4-5AE0-46EE-8F9F-57F6B5C35E76}" = rport=138 | protocol=17 | dir=out | app=system |
"{208ED469-DEC9-4F33-8D29-44AA0C9DEE7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2738F011-4ECE-47EA-B958-8A704DA3CE54}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{30FD7FF2-CC71-4229-9AC0-305E8411738C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3339166B-855D-4BBB-9CE7-AC121674B2B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48D285AA-CDDF-4488-9CF5-B1C4FDB1604E}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B02A8A1-FC4C-43B4-AE01-A20AD6BF8A8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{723070AC-C915-407E-8BA8-BB9696BB4EF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75585679-7F3A-4430-A0CA-CE6F5FBDD374}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{782F857D-47F0-455C-9278-0697397149A6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8B041CF0-D0A9-48C8-9E3D-2279EF83234D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FB37635-7BC0-4C5E-9B3B-EE2B190E9CA3}" = rport=139 | protocol=6 | dir=out | app=system |
"{90F2D86D-2066-4E02-B36B-F070A308EF29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91401B0E-3C3E-4D72-B15D-8503954CFE1A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5583249-59CF-457B-A370-8930EE7BC96A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B69C4A66-4262-44F5-9F82-B5E40161FCB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B86FFEAA-5856-4175-A342-061E25D1190D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEC3B83A-3313-4CDA-8EDB-E753777DECB3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BF596326-7714-48F2-96F8-69AC98C2657A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2D0F2CB-1387-4B0D-B15E-9279F7160C5F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C94799B9-2FE8-4804-8AA3-F4A6DBAFB81B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCD09DF3-0049-45AA-B207-C9228FF4F0BC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CE56DA9C-BFCD-4B3F-B788-74013FD06658}" = rport=137 | protocol=17 | dir=out | app=system |
"{D09E9C3A-6F81-4729-8328-A5EC07B5F326}" = rport=445 | protocol=6 | dir=out | app=system |
"{D37EBA58-3498-4734-8F1B-87286F585DAF}" = lport=139 | protocol=6 | dir=in | app=system |
"{E237F544-2D44-455D-986E-AAA9FC9456FB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E83FF18F-6BA2-4A33-BA6F-75744AA98291}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EC1660DA-22ED-4F51-BACE-B514117718D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE4A2CCF-CF01-4E64-BA84-04EF37E7ED63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1BBC180-7504-4633-A5D3-4C3D48AD0378}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F268F63E-9D6A-40EC-9A2A-C00D4D9BFF3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F30A999F-7B6B-42D4-B4E9-23B65A273712}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F52BE151-0B42-443F-A130-1143CCFE84D6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FB5D2286-8049-4DF8-B42C-45A627233666}" = lport=137 | protocol=17 | dir=in | app=system |
"{FE4E06DC-1221-47DC-B075-33824EA1D875}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055D0AFD-6587-4A0E-BC01-80B7C493C659}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E29B101-DBED-4C7B-AC3E-ADCEEADB33AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{122EDEE4-9D3A-44E0-A729-C379EF8602BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17DBE485-2B71-4B59-9100-6BD4FECE0C68}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1863E3A8-9461-4066-9C57-CA595DB536B2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{197DC31E-949D-4586-BAAB-E18A07CAECD2}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{1B377AAB-DB04-46DB-B2DD-0F78E309B5F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21827776-FE24-4F41-BE23-ACBB00E3ECA3}" = protocol=1 | dir=out | [email protected],-28544 |
"{2AA2A1CD-8BED-4B20-99C9-EDF439434ADB}" = protocol=58 | dir=in | [email protected],-28545 |
"{39B036B5-BA3D-4390-89D0-DCAA664BDC20}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{39F11BCB-89B2-406D-AB32-BDC6BF72C2A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CEDBE15-B754-4A52-896B-457BF4161B97}" = protocol=6 | dir=out | app=system |
"{3D560F51-31BF-44D6-853A-97EE05A0BC4D}" = protocol=6 | dir=in | app=c:\program files (x86)\7-zip\7zfm.exe |
"{603EA2CA-9163-405C-8570-2222AD7873C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6163F805-FF5C-4708-8F3E-528ABF03C84E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6440E546-38F0-4557-A28E-A9102C3F47E6}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{7653141B-811A-42D0-90EB-B852C08DE8FD}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{893BEE10-FF7D-4211-ACE8-B48901A0444D}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{8EA890E2-E84C-4D81-97ED-6AACF95DD1D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5BAB383-C467-499C-93AC-7A9C2322E989}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{AB646B59-14DD-47B4-8340-E852E2E5C81C}" = protocol=58 | dir=out | [email protected],-28546 |
"{B1C39578-3E26-46AC-BC0C-052637E22295}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D28BFCF4-DB9A-4ABC-8414-6A6D59808FE1}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D7E20ADF-4183-4F75-A6C8-4CECE739075F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBF03D12-D559-445C-A336-C351DA6B050F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0A5F38B-2A0E-4482-8AF7-B0D6C5853F80}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2B04224-EA05-4636-AF98-EC9F752A2E64}" = protocol=17 | dir=in | app=c:\program files (x86)\7-zip\7zfm.exe |
"{F83DB054-57EA-4E42-B487-942C7A052B4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FEB50031-D293-4194-A8FB-DE072619252F}" = protocol=1 | dir=in | [email protected],-28543 |
"{FFCB30E7-4E6F-4BE3-BECB-CC90D649836C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{3316FFC7-3DA3-435A-871E-E5C06BB4A3CF}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{33F1E70F-75F2-4807-9E05-0431F5F984BD}C:\users\ie net\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ie net\appdata\roaming\spotify\spotify.exe |
"UDP Query User{73F906CD-8880-46EC-A693-19597B1FB4DC}C:\users\ie net\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ie net\appdata\roaming\spotify\spotify.exe |
"UDP Query User{80DBC09D-7E9B-4946-B5CE-0C3744F7B324}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19F1A99A-196F-4D18-BC36-C1DAD6ABCCF3}" = KODAK Share Button App
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.2.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{806077A4-E0F2-5C60-19EC-E3ACFC88E813}" = KODAK Gallery Upload Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB874}_is1" = TypingMaster TypingTest
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{A88E1685-1986-4A86-8E88-5FE1E727D026}" = RealDownloader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C96330FC-3CBE-49D2-8EF7-47EFEA33EE84}" = ReLiSimple
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD350F3A-3620-4185-A5E2-88A6437C8415}" = SlimDrivers
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.22beta
"Accounts and Budget Freeware V6.0_is1" = Accounts and Budget Freeware V6.0
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.4.1
"BWM 2.0 diet manager" = BWM 2.0 diet manager
"com.kodakgallery.AirUploader" = KODAK Gallery Upload Software
"Data Entry Test 2009_is1" = Data Entry Test 2009 Version 5.5.1
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 2.96
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"iDailyDiary_is1" = iDailyDiary 3.85.1
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.94
"The Weather Channel App" = The Weather Channel App
"Toolbar Cleaner" = Toolbar Cleaner 1.1
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3423992899-3802321084-3640386065-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2012 1:31:00 AM | Computer Name = DiedresComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/27/2012 1:41:31 AM | Computer Name = DiedresComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/27/2012 1:42:36 AM | Computer Name = DiedresComputer | Source = MsiInstaller | ID = 10005
Description =

Error - 11/27/2012 2:28:44 AM | Computer Name = DiedresComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/27/2012 3:56:33 AM | Computer Name = DiedresComputer | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 12.0.1.288, time stamp:
0x4ef5876a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0bb402fc Faulting process id: 0x640 Faulting application
start time: 0x01cdcc716d88cbd8 Faulting application path: C:\Program Files (x86)\Kaspersky
Lab\Kaspersky PURE 2.0\avp.exe Faulting module path: unknown Report Id: f5912597-3867-11e2-a6cc-0025118a17d9

Error - 11/27/2012 3:59:41 AM | Computer Name = DiedresComputer | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 12.0.1.288, time stamp:
0x4ef5876a Faulting module name: bl.ppl, version: 12.0.1.324, time stamp: 0x50642e19
Exception
code: 0xc0000005 Fault offset: 0x00001097 Faulting process id: 0xee0 Faulting application
start time: 0x01cdcc74eaeb6c93 Faulting application path: C:\Program Files (x86)\Kaspersky
Lab\Kaspersky PURE 2.0\avp.exe Faulting module path: C:\Program Files (x86)\Kaspersky
Lab\Kaspersky PURE 2.0\bl.ppl Report Id: 6540698c-3868-11e2-a6cc-0025118a17d9

Error - 11/27/2012 4:00:28 AM | Computer Name = DiedresComputer | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 23.0.1271.64, time
stamp: 0x5091791e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x002f003a Faulting process id: 0x1290 Faulting application
start time: 0x01cdcc71b1b85543 Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 8137c9b0-3868-11e2-a6cc-0025118a17d9

Error - 11/27/2012 4:00:56 AM | Computer Name = DiedresComputer | Source = Application Hang | ID = 1002
Description = The program avp.exe version 12.0.1.288 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1010 Start Time:
01cdcc719070ea25 Termination Time: 359 Application Path: C:\Program Files (x86)\Kaspersky
Lab\Kaspersky PURE 2.0\avp.exe Report Id: 8daaa195-3868-11e2-a6cc-0025118a17d9

Error - 11/27/2012 11:54:12 AM | Computer Name = DiedresComputer | Source = Application Error | ID = 1000
Description = Faulting application name: DivXUpdate.exe, version: 1.0.6.15, time
stamp: 0x4e31ebcf Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4a5bda75 Exception code: 0xc0000005 Fault offset: 0x74c72505 Faulting
process id: 0xafc Faulting application start time: 0x01cdcca2eced413e Faulting application
path: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Faulting module path:
netprofm.dll Report Id: af493f68-38aa-11e2-8ecf-0025118a17d9

Error - 11/27/2012 12:27:28 PM | Computer Name = DiedresComputer | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 23.0.1271.91, time
stamp: 0x50a2e674 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xb8c Faulting application
start time: 0x01cdcca3eb937cb3 Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 55628358-38af-11e2-8ecf-0025118a17d9

[ Media Center Events ]
Error - 11/16/2012 10:05:52 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 9:05:51 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 11/17/2012 10:19:06 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 9:19:06 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 11/18/2012 10:44:11 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 9:44:11 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 11/19/2012 11:03:07 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 10:03:07 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 11/20/2012 10:32:27 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 9:32:24 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 11/21/2012 10:37:30 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 9:37:30 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 11/22/2012 10:46:14 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 9:46:14 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 11/23/2012 10:12:15 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 9:12:14 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 11/24/2012 10:42:08 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 9:42:08 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 11/25/2012 11:28:43 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 10:28:43 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ OSession Events ]
Error - 5/31/2012 2:32:34 PM | Computer Name = home1234-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9417
seconds with 780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/27/2012 9:28:35 AM | Computer Name = DiedresComputer | Source = PNRPSvc | ID = 102
Description =

Error - 11/27/2012 9:28:35 AM | Computer Name = DiedresComputer | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140995069

Error - 11/27/2012 9:28:35 AM | Computer Name = DiedresComputer | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140995069

Error - 11/27/2012 9:28:38 AM | Computer Name = DiedresComputer | Source = PNRPSvc | ID = 102
Description =

Error - 11/27/2012 9:28:38 AM | Computer Name = DiedresComputer | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140995069

Error - 11/27/2012 9:28:38 AM | Computer Name = DiedresComputer | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140995069

Error - 11/27/2012 11:19:09 AM | Computer Name = DiedresComputer | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 11/27/2012 11:29:43 AM | Computer Name = DiedresComputer | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 11/27/2012 11:30:49 AM | Computer Name = DiedresComputer | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 11/27/2012 11:43:19 AM | Computer Name = DiedresComputer | Source = DCOM | ID = 10016
Description =

[ TuneUp Events ]
Error - 8/15/2011 2:14:27 PM | Computer Name = home1234-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 8/15/2011 2:15:53 PM | Computer Name = home1234-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >
  • 0

#21
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Hi Diedre,
You are correct, no AV is going to protect you from everything, especially the newest infections, but however you do need an AV in order to catch last weeks infections.
Questions: Have you used the slimware utiltiy that you have installed, to change any drivers lately? I am not a big fan of driver utilities like this program.
I am not sure what you have done with this program in the past, but it certainly could be contributing to your issues. Once your drivers are up and working, there is no need to keep tinkering with them, unless there is some new feature that a new driver might offer that you would need.
I still don't think that the tuneup utilities that you have installed can do no good. Does it have an undo option in its registry cleaning section? This really is not good for your computer.
I also see some new adware junk, have you been using this computer alot since we started? It would be best if you did not use this computer, or at least used it as little as possible until we are done.

I want to look a little deeper into another part of your system, and then try to fix a service that seems to be misbehaving.
can you tell me if you have a homegroup set up, and if so, is it working correctly?

So before going ahead with the following steps, I would like you to create a restore point manually.
This is quite easy to do - Click on the Start Orb and in the search box type:
create restore point
then press enter.
The System Properties box will open up.
Please click on the Create button, then give the restore point a name (can be anything) and click the Create button on this window.
Now click Close, then click OK.

Step 1
Temporarily disable WinPatrol(so it will not hinder the fix below, it will automatically start after the system reboot):-

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program.
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Temporarily disable WinPatrol(so it will not hinder the custom OTL fix below, it will automatically start after the system reboot):-

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program.

Run OTL by right clicking on the icon and selecting Run as Administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Custom search"
    FF - prefs.js..browser.search.selectedEngine: "Custom search"
    FF - prefs.js..browser.startup.homepage: "http://btsearch.name"
    FF - prefs.js..keyword.URL: "http://btsearch.name/results.php?q="
    :Files
    C:\68c7ae2128a409909c
    ipconfig /flushdns /c
    net stop PNRPsvc /c
    net stop P2Psvc /c
    net stop p2pimsvc /c
    ren C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\idstore.sst idstore.sst.old /c
    net start p2pimsvc /c
    net start PNRPsvc /c
    net start P2Psvc /c
    :commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

In your next reply I would like to see:
  • TDSS killer log
  • OTL fix log
  • ADWcleaner log
  • answers to questions, and how is the comptuer running now, any different?

  • 0

#22
Diedre

Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello Crowbar,

Yes I did update a couple of drivers with SlimDrivers. I also went to the Intel website and used a utility that also updated drivers. I looked at a report in the control panel that isn't responding right now when I try to open it to better describe what I saw, but it looks like maybe there are a couple extra drivers for one device. But I have got bigger problems than that right now.

I hadn't used my MS office 2007 that much lately, so I used the repair tool to see if anything was missing, and it took me online to a report that listed smart errors on my hard drive. I didn't know what a smart error was before that. I then looked at the administrative tools reports and it also had the smart errors listed. Of the five tests the pc failed the targeted read test reading sector 41331073 and the smart short self test.

I've been reading all I can about smart tests and from what I've found online, they can't be fixed. By the time you start getting them, your pc has already run out of spare sectors to replace and its time to get a new hard drive.

I thought about undoing and restoring all of the changes tuneup utilities made before, but I hesitated and didn't go ahead and do it. After you mentioned it I did restore everything it cleaned but it was set to keep only two months of backups. I had been using tuneup for about a year and a half without any problems but when I found the trojans in late Oct. all [bleep] broke loose on my pc. So did tuneup clean all my files or did the trojan kill my pc?

I bought this pc from someone and didn't buy it new,and have never bought a pc that was used. Is it possible to do a shiny reinstall to sell a pc when it has issues? I did many chkdsk scans and it always said it found no errors. If a virus attacks and files get corrupted or deleted, is the only way to get a pc back to good working order is to do a complete reinstall? Why isn't there a less drastic measure to take?

I don't have the original win7 & ms office 2007 cds, so I'm going to order them and find a program to backup the programs and files I want to keep. I can't buy a new pc right now. How hard is a hard drive to replace? Not sure how to shop for one that is compatible with the system I have. Seagate or Western Digital?

Now, my monitor will not start up without first turning on and off a couple of times and I have to unplug it at least twice before I can get it to come on.
  • 0

#23
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Hi Diedre,
I think you are going in the right direction with this machine, backing up your data and replacing the hard drive, if the drive is really going bad. If you tell me the make and model of the computer, I will try to find a diagnostic utility from the manufacturer of the drive. That's the sure way to check the drive, and SMART errors are bad news for a hard drive. Now along with the operating system disk you are ordering, you will probably need the original drivers for this make and model, please don't use that slimdriver program to install the drivers for your hardware. With the make and model, I can point you to the proper drivers, which you can download and save to a disk or flash drive.


Yes I did update a couple of drivers with SlimDrivers

Personally, I would not trust an automated program to choose and install my drivers. Who knows how it's making it's choices as to which driver to install? Was there a problem with those drivers that you updated? If not, then why update them at all. Unless there is some new feature that the driver might offer, or if it fixed an issue I was having with a piece of hardware, I never update a driver just because there is a new version.

I also went to the Intel website and used a utility that also updated drivers.


Going to the hardware manufacturer's site to update your drivers is the best route to take, by far. But again, if my drivers are not causing me any problems I don't mess around with them, but when you need to update a driver, going to the manufacturer's website is the proper way to do it, not with a program such as slim drivers.

So did tuneup clean all my files or did the trojan kill my pc?

Tough to say but I am thinking that a combination of the two was pretty bad for your computer.

Is it possible to do a shiny reinstall to sell a pc when it has issues?

Probably not. If there was a problem with the operating system, you probably would have known soon after buying it. Hard drives do wear out as there are a lot of moving parts in there. I personally (mostly) use Wester Digital drives. Seagate is also a good brand.
This is now an opportunity to install a larger hard drive, if you would like. The replacement drive does not have to be the same capacity as the old one.

I did many chkdsk scans and it always said it found no errors.

Chkdsk is looking for errors in the file system and does not always find problems with the physical disk. I believe that chkdsk does not check the SMART status

If a virus attacks and files get corrupted or deleted, is the only way to get a pc back to good working order is to do a complete reinstall?

It's not always needed to do a reformat and reinstall - most annoying adware programs can just be removed, even rootkits can be removed, but when a program opens a backdoor on your system, it might be a good idea to reformat. I saw no backdoor malware on your system, but I am afraid that you have some Windows issues going on on top of some malware issues.
To replace your hard drive, you will need a Windows disk, and you certainly will need your activation key, which should be on a sticker somewhere on the outside case of your computer. You will need all of the installation media for all of the programs you have on your computer, and of course you will need to back up all of the data (documents, photos, music, etc...)
Before you start out on your quest to change hard drives, I would like you to read this article over, to better prepare you for the task. The guide was written for XP but the preparation is pretty much the same.
  • 0

#24
Diedre

Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello Crowbar,

I am not sure how to proceed. How do I know the smart warning wasn't malware related? I have already run hard drive tests by Lenovo and Seagate and both reported smart test failure. So I can trust the results of those tests and know for sure I need to replace my hard drive?

To begin with, I am stuck with the back up part of this project. I wanted to do a clean install so I bought operating system recovery disks from Lenovo. I used a program to extract the product keys from the registry but Lenovo said MS Office 2007 didn't come on the pc originally and when I gave Microsoft the product key I got they said something about the software having been purchased in multiples and I would need a seven digit license number from the person who bought it first. What? I'm not going to deal with that person again. I have to buy another copy of whats already on my pc? That's only about $250.00 worth of software even for MS Office 2007.

So if I image the system, I might be able to keep my programs but I will be taking whats wrong with the software too. I was thinking about using Macrium Reflect to do it.

I didn't know I would need to reformat before installing the os. I read if I buy a larger hard drive I need to update the BIOS. Do I need to get drivers for the motherboard too?

I have installed a modem before but not a hard drive so I don't want to leave anything out and find out the hard way something is missing from the installation.




1. First I need to decide on how to back up my stuff. And it seems like software will either image an entire drive or do file back ups. I need program back ups.

2. Next the physical swapping of the hard drives.

3. Then the restoration followed by the drivers. Am I leaving something out? How many drivers do I need to collect? Motherboard, BIOS, etc..I'm feeling a little apprehensive about installing more drivers. My computer is a Lenovo ThinkCentre A58e 0841-AEU.
  • 0

#25
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Hello Diedre,
I think it's best at this point to have you start a new post in the Hardware, Components, and Peripherals forum
In order to take advantage of the widsom of some of our techs. I think that they will be able to help you better than I can here in the malware removal forum.
If the Lenovo diagnostic program tells you that your hard drive is giving SMART errors, I believe that it's true, your drive is failing. I would encourage you to leave the computer off until you actually need to backup the files on it.

Imaging your drive and restoring the image to a new drive will retain your programs, but will also bring along any lingering malware issues, and will also bring along the current drivers that you have.
You should discuss your backup and restore options with one of the techs that will pick up your topic.

You can point them back to this thread if needed, tell whoever picks up the thread that the hard drive failing has interfered with removing the malware, and that there might still be some on there.

I'm sorry we could not be more successful here in this thread.
  • 0

Advertisements


#26
Diedre

Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Crowbar,

Thanks for all your help.
  • 0

#27
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP