Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Userinit.exe fails to load on logon W7 32-bit

Started by FasterThanYours , Nov 20 2012 12:19 PM

  • Please log in to reply

#1
FasterThanYours
Posted 20 November 2012 - 12:19 PM

FasterThanYours

    New Member

  • Member
  • Pip
  • 1 posts
Hello,

My kids user this computer all the time and a few weeks ago it started failing to load userinit.exe on logon. It doesn't appear that any programs have been installed, but it's hard to say with some of the sites they go too.

After you login and it goes to a blank Desktop, you can run explorer.exe and the desktop will launch.

Here's the Application Log Error at the time of log in
Faulting application name: taskhost.exe, version: 6.1.7601.17514, time stamp: 0x4ce78ca9
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0xbc4
Faulting application start time: 0x01cdc747bf8706c3
Faulting application path: C:\Windows\system32\taskhost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fe74eb68-333a-11e2-8eef-001e4fc94569

Faulting application name: userinit.exe, version: 6.1.7601.17514, time stamp: 0x4ce79438
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0x240
Faulting application start time: 0x01cdc747bfed61ef
Faulting application path: C:\Windows\system32\userinit.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fe751278-333a-11e2-8eef-001e4fc94569

Faulting application name: gpscript.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc578
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0x95c
Faulting application start time: 0x01cdc747bfbb6509
Faulting application path: C:\Windows\system32\gpscript.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fe79ae29-333a-11e2-8eef-001e4fc94569



OTL logfile created on: 11/20/2012 1:03:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CDC\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.20% Memory free
3.93 Gb Paging File | 2.68 Gb Available in Paging File | 68.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.90 Gb Total Space | 59.18 Gb Free Space | 39.74% Space Free | Partition Type: NTFS
Drive D: | 459.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: INF-GAME | User Name: CDC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/20 13:01:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CDC\Desktop\OTL.exe
PRC - [2012/11/05 14:26:37 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/05 14:26:13 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/11/02 14:00:42 | 002,400,800 | ---- | M] () -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
PRC - [2012/10/09 08:20:07 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/08/05 12:10:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/04 15:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/11/24 10:00:32 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/08/04 14:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/06/22 08:54:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/08/18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/02 14:00:42 | 002,400,800 | ---- | M] () -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
MOD - [2012/11/02 13:59:20 | 002,139,168 | ---- | M] () -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
MOD - [2012/11/02 13:59:00 | 000,539,168 | ---- | M] () -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components\browsermngr-3.6.dll
MOD - [2012/10/09 08:20:07 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/05 12:10:43 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2012/05/21 08:38:20 | 004,089,264 | ---- | M] () -- C:\Users\CDC\AppData\Roaming\Mozilla\Firefox\Profiles\u5agp12y.default\extensions\[email protected]\plugins\npRACtrl.dll
MOD - [2012/04/11 15:59:30 | 000,008,592 | ---- | M] () -- C:\Users\CDC\AppData\Roaming\Mozilla\Firefox\Profiles\u5agp12y.default\extensions\[email protected]\plugins\x86\ractrlkeyhook.dll
MOD - [2011/03/27 15:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/01/04 15:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll


========== Services (SafeList) ==========

SRV - [2012/11/05 14:26:37 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/05 14:26:13 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/11/02 14:00:42 | 002,400,800 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2012/10/09 08:20:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/11/24 10:00:32 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/08/04 14:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/07/21 07:07:54 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/22 08:54:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 08:54:47 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2010/02/28 03:00:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2004/10/04 13:12:50 | 000,057,344 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\System32\PRISMSVC.exe -- (PRISMSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/11/05 14:26:14 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/13 08:34:18 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 07:22:40 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 00:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/10/11 01:09:00 | 001,564,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/06/22 08:54:48 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/06/22 08:54:48 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/06/22 08:54:48 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/06/22 08:54:48 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/06/22 08:54:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/05 08:51:40 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/02 21:42:14 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/08/18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2008/05/15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/08/06 19:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2004/09/26 18:42:00 | 000,345,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PRISMA02.sys -- (DELL_A02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2559647

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 EC 18 BA D8 F5 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{A59C167F-298F-30E1-8F0D-B7ED3F450647}: "URL" = http://www.startnow....ion=6.1-x86-SP1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.932
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.36
FF - prefs.js..extensions.enabledAddons: {dfefbe51-ca52-484b-adf0-6b158b05262d}:2.4.897.175
FF - prefs.js..extensions.enabledAddons: [email protected]:1.7.0.112
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: [email protected]:0.85.36
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.932
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0.8
FF - prefs.js..extensions.enabledItems: {dfefbe51-ca52-484b-adf0-6b158b05262d}:2.4.897.175
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 08:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramDataMozilla\Extensions\[email protected] [2012/10/31 14:02:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/31 14:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/30 09:16:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2012/08/30 08:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins [2012/08/30 09:16:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SaveValet\extension.xpi [2012/10/10 11:17:12 | 000,080,502 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012/11/08 23:40:56 | 000,000,000 | ---D | M]

[2010/01/02 21:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CDC\AppData\Roaming\mozilla\Extensions
[2012/11/20 13:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CDC\AppData\Roaming\mozilla\Firefox\Profiles\u5agp12y.default\extensions
[2011/06/06 17:53:44 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\CDC\AppData\Roaming\mozilla\Firefox\Profiles\u5agp12y.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2012/10/31 14:05:46 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\CDC\AppData\Roaming\mozilla\Firefox\Profiles\u5agp12y.default\extensions\[email protected]
[2012/08/14 22:32:01 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\CDC\AppData\Roaming\mozilla\Firefox\Profiles\u5agp12y.default\extensions\[email protected]
[2012/10/31 14:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CDC\AppData\Roaming\mozilla\Firefox\Profiles\u5agp12y.default\extensions\[email protected]\chrome\content\extensionCode
[2011/05/26 16:17:37 | 000,002,265 | ---- | M] () -- C:\Users\CDC\AppData\Roaming\mozilla\firefox\profiles\u5agp12y.default\searchplugins\bing-zugo.xml
[2012/11/03 09:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/01 21:12:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/04/17 16:53:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/09/13 08:35:31 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2012/11/08 23:40:56 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012/10/31 14:02:47 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\PROGRAMDATAMOZILLA\EXTENSIONS\[email protected]
[2012/08/30 09:16:03 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/04/17 16:53:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/10/31 14:07:05 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\CDC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\CDC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\CDC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {517E0D3E-17A4-4592-926E-A082DB43B7D3} - No CLSID value found.
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com Toolbar) - {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Monitor.exe] C:\Program Files\Cisco\Monitor.exe (Linksys, a division of Cisco Systems, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Recorder.exe] C:\Program Files\Cisco\Recorder.exe (Cisco System, Inc.)
O4 - HKCU..\Run: [3696D4361C4B0D3A336547A9A489C0D9D44DFC93._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [PDFCreatorRestart] File not found
O4 - Startup: C:\Users\CDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CDC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACEE2E84-460F-4275-8162-421B81140C6B}: NameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/01/27 18:03:41 | 000,000,034 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5cc3e67f-9d56-11de-8975-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5cc3e67f-9d56-11de-8975-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/20 13:01:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CDC\Desktop\OTL.exe
[2012/11/19 03:08:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/11 14:06:19 | 000,000,000 | ---D | C] -- C:\Users\CDC\AppData\Local\{E638F702-DE09-4FC5-AB8A-D76FB8FB883C}
[2012/11/08 23:41:18 | 000,000,000 | ---D | C] -- C:\Users\CDC\AppData\Local\{680D7C25-6CD5-4163-A3D4-E1BCF5BAE801}
[2012/11/07 20:38:09 | 000,000,000 | ---D | C] -- C:\Users\CDC\AppData\Local\{63B17FF1-F52F-43C8-96E2-649D7B26E9DF}
[2012/10/31 14:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/10/31 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/10/31 14:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012/10/31 14:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/10/31 14:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/10/31 14:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2012/10/31 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\SaveValet
[2012/10/31 14:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\OApps

========== Files - Modified Within 30 Days ==========

[2012/11/20 13:05:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/20 13:01:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CDC\Desktop\OTL.exe
[2012/11/20 12:52:04 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/20 12:52:03 | 000,000,632 | RHS- | M] () -- C:\Users\CDC\ntuser.pol
[2012/11/20 12:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/19 03:54:52 | 000,020,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/19 03:54:52 | 000,020,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/19 03:52:05 | 000,636,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/19 03:52:05 | 000,112,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/19 03:46:48 | 000,433,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/19 03:46:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/19 03:46:06 | 1583,566,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/19 03:07:44 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/11/07 15:06:37 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/05 14:26:14 | 000,083,912 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/11/05 14:26:13 | 000,092,072 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/11/05 14:26:13 | 000,031,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll

========== Files Created - No Company Name ==========

[2012/11/19 03:07:44 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/11/19 03:03:37 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/19 03:02:37 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/10/31 14:04:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/01/01 17:04:52 | 000,001,270 | -HS- | C] () -- C:\ProgramData\lfn355uj3jcl84iv5x468t5qwhvsl7kf0vkld
[2011/05/21 11:19:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/05 18:39:07 | 000,004,608 | ---- | C] () -- C:\Users\CDC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 21:13:23 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/12/28 21:13:23 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/12/28 21:13:23 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/12/28 21:13:23 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/12/28 21:13:23 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/12/28 21:13:23 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/12/08 20:51:02 | 000,000,632 | RHS- | C] () -- C:\Users\CDC\ntuser.pol
[2010/09/09 17:51:14 | 000,000,000 | ---- | C] () -- C:\Users\CDC\AppData\Local\prvlcl.dat
[2009/09/09 09:12:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2012/02/29 12:58:31 | 000,004,754 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3895782885-2875178663-1025675371-1005\$RB7JB6B\l.png
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/12 17:46:30 | 000,000,000 | ---D | M] -- C:\Users\CDC\AppData\Roaming\AVG9
[2010/02/08 19:12:49 | 000,000,000 | ---D | M] -- C:\Users\CDC\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012/11/11 14:12:01 | 000,000,000 | ---D | M] -- C:\Users\CDC\AppData\Roaming\Dropbox
[2011/05/10 14:43:19 | 000,000,000 | ---D | M] -- C:\Users\CDC\AppData\Roaming\FileZilla
[2011/12/26 17:24:46 | 000,000,000 | ---D | M] -- C:\Users\CDC\AppData\Roaming\Oberon Media
[2010/01/02 23:12:28 | 000,000,000 | ---D | M] -- C:\Users\CDC\AppData\Roaming\SPORE
[2010/12/29 18:08:38 | 000,000,000 | ---D | M] -- C:\Users\CDC\AppData\Roaming\Ulead Systems
[2012/11/11 14:13:49 | 000,000,000 | ---D | M] -- C:\Users\CDC\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1CC41DD2

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP