also when i do a search online i get redirected to other pages sometimes. please help thanks in advance
need help again thanks
Started by
yoonekmason
, Dec 04 2012 06:54 PM
#1
Posted 04 December 2012 - 06:54 PM
also when i do a search online i get redirected to other pages sometimes. please help thanks in advance
#2
Posted 04 December 2012 - 07:19 PM
otl report
OTL logfile created on: 12/4/2012 7:02:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.97 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 65.73% Memory free
5.93 Gb Paging File | 4.51 Gb Available in Paging File | 76.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 241.69 Gb Free Space | 85.30% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/12/04 18:56:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/09/12 15:02:57 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/29 10:23:10 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/08/20 03:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/20 03:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 00:16:26 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/03 00:16:26 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/15 14:22:01 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\a41ce1b6f77a65783d1c0d3a4223559f\System.ServiceProcess.ni.dll
MOD - [2012/07/15 14:19:51 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6e2e6c933b6f13a9bcac17c9a8350f83\System.Xaml.ni.dll
MOD - [2012/07/14 17:06:18 | 018,017,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5e234618000edb585e4307e30a5eb085\PresentationFramework.ni.dll
MOD - [2012/07/14 17:06:02 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\334f4a2b874af82700a37098b4b27e50\PresentationCore.ni.dll
MOD - [2012/07/14 17:05:49 | 003,879,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\eca1bc38b28d3caf12dc3f6469c2be90\WindowsBase.ni.dll
MOD - [2012/07/14 16:57:51 | 007,053,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a77b7b58c3a6b12d8e1d4862a5e4707c\System.Core.ni.dll
MOD - [2012/07/14 16:57:48 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\27db9abf05348711baf8ce46589ea251\System.Xml.ni.dll
MOD - [2012/07/14 16:57:44 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b8c47ff8eba1c63c4b5d50fe571cac5a\System.Configuration.ni.dll
MOD - [2012/07/14 16:57:42 | 009,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d9f2d9f4d4bda48670bdae6555fec6dd\System.ni.dll
MOD - [2012/07/14 16:57:35 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2011/10/05 02:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
========== Services (SafeList) ==========
SRV - [2012/09/12 15:02:57 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/20 03:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 03:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{70A25C06-05AE-FA05-DEA8-5B1D8964EB26}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 58 65 89 C3 62 CD 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {80883CE5-7626-43D9-9D0D-B3DCB8F2F99A}
IE - HKCU\..\SearchScopes\{80883CE5-7626-43D9-9D0D-B3DCB8F2F99A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{B3EF95A0-CA3B-4900-8AE7-938D459E2615}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
[2012/09/12 15:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/11/22 08:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/07/15 14:00:49 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[1619/09/22 07:01:01 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
O1 HOSTS File: ([2012/10/16 20:53:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Ahead] C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll (Free Software Foundation)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F}: NameServer = 198.224.181.135 198.224.178.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9}: NameServer = 198.224.181.135 198.224.178.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90BECC8D-054C-4C53-B679-8CC4F9FCFABB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/04 18:56:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/11/21 12:16:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder
[2012/11/18 19:32:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/18 19:32:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/18 19:32:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/18 19:32:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/18 19:32:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/18 19:32:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/14 20:19:34 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/12/04 18:59:31 | 000,752,128 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe
[2012/12/04 18:56:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/12/04 18:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 08:11:54 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/12/04 18:59:31 | 000,752,128 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe
[2012/09/11 18:53:49 | 000,000,112 | ---- | C] () -- C:\ProgramData\p6N6d7.dat
[2012/07/15 14:01:05 | 000,384,844 | ---- | C] () -- C:\Users\user\AppData\Local\funmoods-speeddial.crx
[2012/05/30 10:29:12 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012/05/30 10:29:02 | 000,001,024 | ---- | C] () -- C:\Users\user\.rnd
[2012/05/30 09:47:42 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/30 09:44:26 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/30 09:27:59 | 000,002,107 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2012/05/30 09:27:59 | 000,000,641 | ---- | C] () -- C:\Windows\Remover.ini
[2012/05/29 16:54:06 | 000,000,876 | ---- | C] () -- C:\Users\user\Downloads.lnk
[2012/05/23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/05/23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/05/23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/05/23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
========== ZeroAccess Check ==========
[2011/11/17 01:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\@
[2012/12/01 07:52:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\L
[2012/12/04 18:58:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U
[2012/12/01 08:01:44 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\00000004.@
[2012/11/22 08:34:52 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\00000008.@
[2012/11/22 08:34:48 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\000000cb.@
[2012/11/22 08:39:04 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000000.@
[2012/12/04 18:58:09 | 000,096,256 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000032.@
[2012/12/01 07:52:27 | 000,083,456 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000064.@
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/12/01 08:11:59 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012/12/01 08:11:59 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
OTL logfile created on: 12/4/2012 7:02:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.97 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 65.73% Memory free
5.93 Gb Paging File | 4.51 Gb Available in Paging File | 76.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 241.69 Gb Free Space | 85.30% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/12/04 18:56:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/09/12 15:02:57 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/29 10:23:10 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/08/20 03:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/20 03:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 00:16:26 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/03 00:16:26 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/15 14:22:01 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\a41ce1b6f77a65783d1c0d3a4223559f\System.ServiceProcess.ni.dll
MOD - [2012/07/15 14:19:51 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6e2e6c933b6f13a9bcac17c9a8350f83\System.Xaml.ni.dll
MOD - [2012/07/14 17:06:18 | 018,017,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5e234618000edb585e4307e30a5eb085\PresentationFramework.ni.dll
MOD - [2012/07/14 17:06:02 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\334f4a2b874af82700a37098b4b27e50\PresentationCore.ni.dll
MOD - [2012/07/14 17:05:49 | 003,879,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\eca1bc38b28d3caf12dc3f6469c2be90\WindowsBase.ni.dll
MOD - [2012/07/14 16:57:51 | 007,053,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a77b7b58c3a6b12d8e1d4862a5e4707c\System.Core.ni.dll
MOD - [2012/07/14 16:57:48 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\27db9abf05348711baf8ce46589ea251\System.Xml.ni.dll
MOD - [2012/07/14 16:57:44 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b8c47ff8eba1c63c4b5d50fe571cac5a\System.Configuration.ni.dll
MOD - [2012/07/14 16:57:42 | 009,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d9f2d9f4d4bda48670bdae6555fec6dd\System.ni.dll
MOD - [2012/07/14 16:57:35 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2011/10/05 02:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
========== Services (SafeList) ==========
SRV - [2012/09/12 15:02:57 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/20 03:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 03:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{70A25C06-05AE-FA05-DEA8-5B1D8964EB26}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 58 65 89 C3 62 CD 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {80883CE5-7626-43D9-9D0D-B3DCB8F2F99A}
IE - HKCU\..\SearchScopes\{80883CE5-7626-43D9-9D0D-B3DCB8F2F99A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{B3EF95A0-CA3B-4900-8AE7-938D459E2615}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
[2012/09/12 15:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/11/22 08:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/07/15 14:00:49 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[1619/09/22 07:01:01 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
O1 HOSTS File: ([2012/10/16 20:53:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Ahead] C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll (Free Software Foundation)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F}: NameServer = 198.224.181.135 198.224.178.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9}: NameServer = 198.224.181.135 198.224.178.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90BECC8D-054C-4C53-B679-8CC4F9FCFABB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/04 18:56:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/11/21 12:16:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder
[2012/11/18 19:32:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/18 19:32:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/18 19:32:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/18 19:32:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/18 19:32:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/18 19:32:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/14 20:19:34 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/12/04 18:59:31 | 000,752,128 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe
[2012/12/04 18:56:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/12/04 18:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 08:11:54 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/12/04 18:59:31 | 000,752,128 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe
[2012/09/11 18:53:49 | 000,000,112 | ---- | C] () -- C:\ProgramData\p6N6d7.dat
[2012/07/15 14:01:05 | 000,384,844 | ---- | C] () -- C:\Users\user\AppData\Local\funmoods-speeddial.crx
[2012/05/30 10:29:12 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012/05/30 10:29:02 | 000,001,024 | ---- | C] () -- C:\Users\user\.rnd
[2012/05/30 09:47:42 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/30 09:44:26 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/30 09:27:59 | 000,002,107 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2012/05/30 09:27:59 | 000,000,641 | ---- | C] () -- C:\Windows\Remover.ini
[2012/05/29 16:54:06 | 000,000,876 | ---- | C] () -- C:\Users\user\Downloads.lnk
[2012/05/23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/05/23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/05/23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/05/23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
========== ZeroAccess Check ==========
[2011/11/17 01:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\@
[2012/12/01 07:52:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\L
[2012/12/04 18:58:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U
[2012/12/01 08:01:44 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\00000004.@
[2012/11/22 08:34:52 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\00000008.@
[2012/11/22 08:34:48 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\000000cb.@
[2012/11/22 08:39:04 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000000.@
[2012/12/04 18:58:09 | 000,096,256 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000032.@
[2012/12/01 07:52:27 | 000,083,456 | ---- | M] () -- C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000064.@
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/12/01 08:11:59 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012/12/01 08:11:59 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
#3
Posted 04 December 2012 - 07:20 PM
otl extras
OTL Extras logfile created on: 12/4/2012 7:02:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.97 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 65.73% Memory free
5.93 Gb Paging File | 4.51 Gb Available in Paging File | 76.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 241.69 Gb Free Space | 85.30% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044B477C-3AF5-4DF2-A946-200C2C9E8933}" = ASUS USB2.0 UVC VGA WebCam
"{1A1A198F-405C-4254-A15E-9C44FEB1F6E1}" = Verizon Wireless UML290 Firmware Updates
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7E8FF4A8-10EE-4C95-83B2-73856BFE1033}" = Nero 8 Essentials
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{C0759E71-7BEC-42AB-BFFF-D53DEC0402F8}" = VZAccess Manager
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kies Air Discovery Service" = Kies Air Discovery Service
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/4/2012 9:00:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x15f8 Faulting application
start time: 0x01cdd283e64e231c Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 240f91bb-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:01:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x12dc Faulting application
start time: 0x01cdd2840a4b82ac Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 47ff31ad-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:02:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x13cc Faulting application
start time: 0x01cdd2842e25efa2 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 6bd99ea3-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:03:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x10b0 Faulting application
start time: 0x01cdd28451fe4862 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 8fb1f763-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:04:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x14b8 Faulting application
start time: 0x01cdd28475db63e3 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: b3917444-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:05:22 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0xd20 Faulting application
start time: 0x01cdd28499d50fe7 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: d78b2049-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:06:22 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0xf2c Faulting application
start time: 0x01cdd284bdb48cc8 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: fb6f5fea-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:07:22 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x748 Faulting application
start time: 0x01cdd284e1966b0a Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 1f4c7b6b-3e78-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:08:22 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x17b4 Faulting application
start time: 0x01cdd2850575e7eb Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 432bf84c-3e78-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:09:23 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x11c0 Faulting application
start time: 0x01cdd2852953036c Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 670913cd-3e78-11e2-8a77-e0cb4e1a7587
[ Media Center Events ]
Error - 11/22/2012 5:07:15 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 3:07:15 PM - Error connecting to the internet. 3:07:15 PM - Unable
to contact server..
Error - 11/23/2012 2:03:04 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 3:07:20 PM - Error connecting to the internet. 3:07:20 PM - Unable
to contact server..
Error - 11/23/2012 8:51:37 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 6:51:36 AM - Error connecting to the internet. 6:51:37 AM - Unable
to contact server..
Error - 11/23/2012 9:48:15 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 7:47:51 AM - Error connecting to the internet. 7:47:51 AM - Unable
to contact server..
Error - 11/24/2012 1:55:12 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 11:54:57 PM - Error connecting to the internet. 11:54:57 PM - Unable
to contact server..
Error - 12/3/2012 3:34:31 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 1:34:29 AM - Error connecting to the internet. 1:34:29 AM - Unable
to contact server..
Error - 12/3/2012 9:54:58 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 7:54:56 PM - Error connecting to the internet. 7:54:58 PM - Unable
to contact server..
Error - 12/3/2012 9:55:19 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 7:55:03 PM - Error connecting to the internet. 7:55:03 PM - Unable
to contact server..
[ System Events ]
Error - 12/4/2012 2:44:47 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Installer service to connect.
Error - 12/4/2012 2:44:47 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053
Error - 12/4/2012 2:45:17 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Installer service to connect.
Error - 12/4/2012 2:45:17 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053
Error - 12/4/2012 8:38:19 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
Error - 12/4/2012 8:38:19 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891
Error - 12/4/2012 8:42:12 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Installer service to connect.
Error - 12/4/2012 8:42:12 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053
Error - 12/4/2012 8:42:42 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Installer service to connect.
Error - 12/4/2012 8:42:42 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053
< End of report >
OTL Extras logfile created on: 12/4/2012 7:02:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.97 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 65.73% Memory free
5.93 Gb Paging File | 4.51 Gb Available in Paging File | 76.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 241.69 Gb Free Space | 85.30% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044B477C-3AF5-4DF2-A946-200C2C9E8933}" = ASUS USB2.0 UVC VGA WebCam
"{1A1A198F-405C-4254-A15E-9C44FEB1F6E1}" = Verizon Wireless UML290 Firmware Updates
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7E8FF4A8-10EE-4C95-83B2-73856BFE1033}" = Nero 8 Essentials
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{C0759E71-7BEC-42AB-BFFF-D53DEC0402F8}" = VZAccess Manager
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kies Air Discovery Service" = Kies Air Discovery Service
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/4/2012 9:00:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x15f8 Faulting application
start time: 0x01cdd283e64e231c Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 240f91bb-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:01:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x12dc Faulting application
start time: 0x01cdd2840a4b82ac Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 47ff31ad-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:02:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x13cc Faulting application
start time: 0x01cdd2842e25efa2 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 6bd99ea3-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:03:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x10b0 Faulting application
start time: 0x01cdd28451fe4862 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 8fb1f763-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:04:21 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x14b8 Faulting application
start time: 0x01cdd28475db63e3 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: b3917444-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:05:22 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0xd20 Faulting application
start time: 0x01cdd28499d50fe7 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: d78b2049-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:06:22 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0xf2c Faulting application
start time: 0x01cdd284bdb48cc8 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: fb6f5fea-3e77-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:07:22 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x748 Faulting application
start time: 0x01cdd284e1966b0a Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 1f4c7b6b-3e78-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:08:22 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x17b4 Faulting application
start time: 0x01cdd2850575e7eb Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 432bf84c-3e78-11e2-8a77-e0cb4e1a7587
Error - 12/4/2012 9:09:23 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73e0c9f1 Faulting process id: 0x11c0 Faulting application
start time: 0x01cdd2852953036c Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 670913cd-3e78-11e2-8a77-e0cb4e1a7587
[ Media Center Events ]
Error - 11/22/2012 5:07:15 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 3:07:15 PM - Error connecting to the internet. 3:07:15 PM - Unable
to contact server..
Error - 11/23/2012 2:03:04 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 3:07:20 PM - Error connecting to the internet. 3:07:20 PM - Unable
to contact server..
Error - 11/23/2012 8:51:37 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 6:51:36 AM - Error connecting to the internet. 6:51:37 AM - Unable
to contact server..
Error - 11/23/2012 9:48:15 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 7:47:51 AM - Error connecting to the internet. 7:47:51 AM - Unable
to contact server..
Error - 11/24/2012 1:55:12 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 11:54:57 PM - Error connecting to the internet. 11:54:57 PM - Unable
to contact server..
Error - 12/3/2012 3:34:31 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 1:34:29 AM - Error connecting to the internet. 1:34:29 AM - Unable
to contact server..
Error - 12/3/2012 9:54:58 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 7:54:56 PM - Error connecting to the internet. 7:54:58 PM - Unable
to contact server..
Error - 12/3/2012 9:55:19 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 7:55:03 PM - Error connecting to the internet. 7:55:03 PM - Unable
to contact server..
[ System Events ]
Error - 12/4/2012 2:44:47 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Installer service to connect.
Error - 12/4/2012 2:44:47 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053
Error - 12/4/2012 2:45:17 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Installer service to connect.
Error - 12/4/2012 2:45:17 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053
Error - 12/4/2012 8:38:19 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
Error - 12/4/2012 8:38:19 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891
Error - 12/4/2012 8:42:12 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Installer service to connect.
Error - 12/4/2012 8:42:12 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053
Error - 12/4/2012 8:42:42 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Installer service to connect.
Error - 12/4/2012 8:42:42 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053
< End of report >
#4
Posted 04 December 2012 - 07:21 PM
rogue killer report
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 12/04/2012 19:14:11
¤¤¤ Bad processes : 2 ¤¤¤
[][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll -> KILLED [TermProc]
[][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll -> KILLED [TermProc]
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][NOTFOUND] HKCU\[...]\Run : Ahead (rundll32.exe "C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll",DllRegisterServerW) -> FOUND
[RUN][NOTFOUND] HKUS\S-1-5-21-736879701-1355106137-3946325760-1000[...]\Run : Ahead (rundll32.exe "C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll",DllRegisterServerW) -> FOUND
[TASK][RESIDUE] ProgramDataUpdater : C:\Windows\System32\rundll32.exe aepdu.dll,AePduRunUpdate -> FOUND
[TASK][RESIDUE] Proxy : C:\Windows\System32\rundll32.exe /d acproxy.dll,PerformAutochkOperations -> FOUND
[TASK][RESIDUE] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> FOUND
[TASK][RESIDUE] IpAddressConflict1 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem -> FOUND
[TASK][RESIDUE] IpAddressConflict2 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F} : NameServer (198.224.181.135 198.224.178.135) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9} : NameServer (198.224.181.135 198.224.178.135) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F} : NameServer (198.224.181.135 198.224.178.135) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9} : NameServer (198.224.181.135 198.224.178.135) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
˙ž1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] b41c4992f586a00861f2f1064379a643
[BSP] e1cad57204df9c6d19132e0bdc98aa66 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30717952 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30922752 | Size: 290145 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_12042012_02d1914.txt >>
RKreport[1]_S_12042012_02d1914.txt
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 12/04/2012 19:14:11
¤¤¤ Bad processes : 2 ¤¤¤
[][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll -> KILLED [TermProc]
[][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll -> KILLED [TermProc]
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][NOTFOUND] HKCU\[...]\Run : Ahead (rundll32.exe "C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll",DllRegisterServerW) -> FOUND
[RUN][NOTFOUND] HKUS\S-1-5-21-736879701-1355106137-3946325760-1000[...]\Run : Ahead (rundll32.exe "C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll",DllRegisterServerW) -> FOUND
[TASK][RESIDUE] ProgramDataUpdater : C:\Windows\System32\rundll32.exe aepdu.dll,AePduRunUpdate -> FOUND
[TASK][RESIDUE] Proxy : C:\Windows\System32\rundll32.exe /d acproxy.dll,PerformAutochkOperations -> FOUND
[TASK][RESIDUE] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> FOUND
[TASK][RESIDUE] IpAddressConflict1 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem -> FOUND
[TASK][RESIDUE] IpAddressConflict2 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F} : NameServer (198.224.181.135 198.224.178.135) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9} : NameServer (198.224.181.135 198.224.178.135) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F} : NameServer (198.224.181.135 198.224.178.135) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9} : NameServer (198.224.181.135 198.224.178.135) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
˙ž1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] b41c4992f586a00861f2f1064379a643
[BSP] e1cad57204df9c6d19132e0bdc98aa66 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30717952 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30922752 | Size: 290145 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_12042012_02d1914.txt >>
RKreport[1]_S_12042012_02d1914.txt
#5
Posted 04 December 2012 - 07:21 PM
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 12/04/2012 19:14:46
¤¤¤ Bad processes : 2 ¤¤¤
[][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll -> KILLED [TermProc]
[][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll -> KILLED [TermProc]
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][NOTFOUND] HKCU\[...]\Run : Ahead (rundll32.exe "C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll",DllRegisterServerW) -> DELETED
[TASK][RESIDUE] ProgramDataUpdater : C:\Windows\System32\rundll32.exe aepdu.dll,AePduRunUpdate -> DELETED
[TASK][RESIDUE] Proxy : C:\Windows\System32\rundll32.exe /d acproxy.dll,PerformAutochkOperations -> DELETED
[TASK][RESIDUE] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> DELETED
[TASK][RESIDUE] IpAddressConflict1 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem -> DELETED
[TASK][RESIDUE] IpAddressConflict2 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F} : NameServer (198.224.181.135 198.224.178.135) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9} : NameServer (198.224.181.135 198.224.178.135) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F} : NameServer (198.224.181.135 198.224.178.135) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9} : NameServer (198.224.181.135 198.224.178.135) -> NOT REMOVED, USE DNSFIX
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\@ --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\U --> REMOVED
[Del.Parent][FILE] 4cce1f70 : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\L\4cce1f70 --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
˙ž1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] b41c4992f586a00861f2f1064379a643
[BSP] e1cad57204df9c6d19132e0bdc98aa66 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30717952 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30922752 | Size: 290145 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_12042012_02d1914.txt >>
RKreport[1]_S_12042012_02d1914.txt ; RKreport[2]_D_12042012_02d1914.txt
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 12/04/2012 19:14:46
¤¤¤ Bad processes : 2 ¤¤¤
[][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll -> KILLED [TermProc]
[][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll -> KILLED [TermProc]
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][NOTFOUND] HKCU\[...]\Run : Ahead (rundll32.exe "C:\Users\user\AppData\Local\AVG Secure Search\Ahead\zknih.dll",DllRegisterServerW) -> DELETED
[TASK][RESIDUE] ProgramDataUpdater : C:\Windows\System32\rundll32.exe aepdu.dll,AePduRunUpdate -> DELETED
[TASK][RESIDUE] Proxy : C:\Windows\System32\rundll32.exe /d acproxy.dll,PerformAutochkOperations -> DELETED
[TASK][RESIDUE] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> DELETED
[TASK][RESIDUE] IpAddressConflict1 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem -> DELETED
[TASK][RESIDUE] IpAddressConflict2 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F} : NameServer (198.224.181.135 198.224.178.135) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9} : NameServer (198.224.181.135 198.224.178.135) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{23205B16-332C-4B97-94BC-261870171E3F} : NameServer (198.224.181.135 198.224.178.135) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{845FDAF7-CA43-4C02-A439-8C60F03474C9} : NameServer (198.224.181.135 198.224.178.135) -> NOT REMOVED, USE DNSFIX
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\@ --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\U --> REMOVED
[Del.Parent][FILE] 4cce1f70 : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\L\4cce1f70 --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{e4f9fd14-ed1c-92f1-a123-fd86f095eda4}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-736879701-1355106137-3946325760-1000\$e4f9fd14ed1c92f1a123fd86f095eda4\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
˙ž1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] b41c4992f586a00861f2f1064379a643
[BSP] e1cad57204df9c6d19132e0bdc98aa66 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30717952 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30922752 | Size: 290145 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_12042012_02d1914.txt >>
RKreport[1]_S_12042012_02d1914.txt ; RKreport[2]_D_12042012_02d1914.txt
#6
Posted 04 December 2012 - 07:22 PM
Also please tell me what programs should i delete from my cpu and what programs I should download or keep on here to protect my self from things like this.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users