Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

2nd hand laptop, at least Isearch and Search Conduit present


  • This topic is locked This topic is locked

#1
Admirgency

Admirgency

    Member

  • Member
  • PipPip
  • 97 posts
I've written explannation on the workcomp Gringo investigates, during MS Updates and OTLscan. This laptop is bought to replace the old offline workcomp with illegal Windows XP pro. I'll give you the OTL.txt, then log out and post some explannation from the other comp.

OTL logfile created on: 26-5-2013 21:09:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\laptop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1015,24 Mb Total Physical Memory | 410,40 Mb Available Physical Memory | 40,42% Memory free
1,99 Gb Paging File | 1,18 Gb Available in Paging File | 59,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,11 Gb Total Space | 106,56 Gb Free Space | 72,93% Space Free | Partition Type: NTFS

Computer Name: LAPTOP1 | User Name: laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-26 21:04:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\laptop\Desktop\1 OTL.exe
PRC - [2013-03-22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2013-01-26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\laptop\AppData\Local\Akamai\netsession_win.exe
PRC - [2012-08-13 11:45:10 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012-08-13 11:45:10 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2013-03-22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2013-03-22 16:08:36 | 002,520,016 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012-08-10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-01-27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013-01-27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-05-15 13:22:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-14 08:34:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-03-22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-01-20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-08-23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-08-23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-06-27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010-11-11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010-11-11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009-09-23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009-07-14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009-06-10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007-08-09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2504091
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 8C 44 E2 9B 2E CD 01 [binary data]
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-sea...00000224370d46c
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\..\SearchScopes\{92545698-72D7-4278-8DBD-0BB7AA968F1F}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-694970264-576139620-3363980065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-05-14 08:34:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-05-14 08:34:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013-03-24 23:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\laptop\AppData\Roaming\mozilla\Extensions
[2013-03-25 21:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\laptop\AppData\Roaming\mozilla\Firefox\Profiles\gqtt7xlc.default\Extensions
[2013-03-24 23:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013-05-14 08:34:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-03-07 17:22:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013-03-07 17:22:29 | 000,002,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2013-03-07 17:22:29 | 000,004,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2013-03-07 17:22:29 | 000,001,262 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://isearch.glary...com/?src=gchome
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\laptop\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\laptop\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\laptop\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\laptop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: WiseConvert = C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm\2.3.4.2_0\
CHR - Extension: Google Zoeken = C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-05-18 11:13:20 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-694970264-576139620-3363980065-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-694970264-576139620-3363980065-1000..\Run: [Akamai NetSession Interface] C:\Users\laptop\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{689EAF25-A3D7-4B6E-B0A8-0B00437E8FD2}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5e9650e3-b1af-11e1-9783-00248c434143}\Shell - "" = AutoRun
O33 - MountPoints2\{5e9650e3-b1af-11e1-9783-00248c434143}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9b9e0dca-6be7-11e2-b9e3-00248c434143}\Shell - "" = AutoRun
O33 - MountPoints2\{9b9e0dca-6be7-11e2-b9e3-00248c434143}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-05-26 21:04:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\laptop\Desktop\1 OTL.exe
[2013-05-26 19:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013-05-26 16:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-05-14 12:23:19 | 000,000,000 | ---D | C] -- C:\Users\laptop\AppData\Roaming\OpenOffice.org
[2013-05-14 12:11:11 | 000,000,000 | --SD | C] -- C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013-05-14 12:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3

========== Files - Modified Within 30 Days ==========

[2013-05-26 21:04:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\laptop\Desktop\1 OTL.exe
[2013-05-26 20:46:59 | 000,010,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-05-26 20:46:59 | 000,010,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-05-26 20:43:53 | 001,549,262 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-05-26 20:43:53 | 000,701,564 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-05-26 20:43:53 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-05-26 20:43:53 | 000,133,564 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-05-26 20:43:53 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-05-26 20:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-26 20:38:40 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys
[2013-05-26 20:22:06 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-26 18:31:41 | 000,294,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-05-26 17:18:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-05-26 17:18:30 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013-05-26 11:55:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-05-17 14:15:35 | 000,009,444 | ---- | M] () -- C:\Users\laptop\Documents\Klantenregister Zelfkrant.ods
[2013-05-14 12:23:41 | 000,001,235 | ---- | M] () -- C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013-05-14 12:11:19 | 000,001,248 | ---- | M] () -- C:\Users\laptop\Desktop\OpenOffice.org 3.4.1.lnk

========== Files Created - No Company Name ==========

[2013-05-26 18:16:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013-05-26 18:11:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013-05-26 17:18:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-05-26 17:18:30 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013-05-17 13:07:40 | 000,009,444 | ---- | C] () -- C:\Users\laptop\Documents\Klantenregister Zelfkrant.ods
[2013-05-14 12:23:40 | 000,001,235 | ---- | C] () -- C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013-05-14 12:11:19 | 000,001,248 | ---- | C] () -- C:\Users\laptop\Desktop\OpenOffice.org 3.4.1.lnk
[2012-04-13 23:10:37 | 001,552,144 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-13 22:35:05 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-01-10 09:08:37 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\Azureus
[2012-12-11 07:56:38 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\Babylon
[2013-03-24 23:28:34 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\gnupg
[2012-12-11 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\OpenCandy
[2013-05-14 12:23:19 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\OpenOffice.org
[2013-01-08 20:33:31 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\PerformerSoft
[2013-01-08 20:35:34 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\Systweak
[2012-04-13 21:15:18 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Admirgency

Admirgency

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
"New" comp to check, at least Search Conduit and Isearch present.




Windows 7 home premium SP1, 64b ;

Asus X58LE laptop with Intel Dualcore.




We bought this laptop about 2 weeks agofrom an employee who worked here for a month. Last Friday he quit and since then it is in my care. This morning i took a look.




Windows 7 is installed (not upgraded)in april 2012. We have no licence key for 7, it is build as a Vista-comp. Barely readable, i have the Vista Licence-key but theGenuine Windows sticker is damaged to much to see what version Vista should be installed. I'll have to check with ASUS also becouse we don't have an Asus installationdisk nor an Asusinstallation-partition for the propper ASUS-version of Vista.

[edit] in the meanwhile i found 1 Asus-installer in FF downloadfolder.[/edit]




Windows Vallidation failed, however itis not yet known if this Win 7 version is illegal, due to unknown error. Vallidation just might temprarily not have been available on Microsofts end. I'll have to check back on that. In the meanwhile essential and optional MS/Windows updates do work. There are no hidden updates to repair.




Despite the computer being used 2 to 20times per month, as shown by MS SE updates, the other MS (incl.Windows) updates were not installed. This former employee has been fooling around on Youtube and other websites every day on that laptop, since we bought it. All the time ignoring the WU-message fromSytem Tray. The System-tray messages are how they should be.




In Internet Options i saw SearchConduit being "My Startpage", thus i clicked "Set to Standard",expecting MSN-startpage. However it changed to Isearch startpage.Checking IE via Sartmenu → IE-icon → rightclick → Properties, isaw IE has not been used since 22nd of april 2012, a little more then a week after installation of Win 7. If Isearch and Search Conduit are not present in Firefox (don't know yet), then they already nested in that 1st week.




Becouse of the above, i also did not check yet what IE-version we can use, 32 or 64 b. There's only 1 iconpresent in startmenu, only 1 pinned to Windows 7 taskbar, non instart → all programs. I think in light of your investigation at GeeksToGo, it is a shame to use IE when it hasn't been used for ayear. For the same reason i regret i let it update from IE 9 to IE10.




Firefox is standard browser, i set preferences to my liking except for not emptieing (search, downloadand other) hystory, and proxysetting. I'ld have automatic detection set on a home-pc but i am not used to wireless/mobile, so i left that as "sytem setting". No passwords were (visibly) saved (in FF) becouse Facebook & Google acc's are made exceptions to the rule to automaticly save passwords.

Mail was set to always ask with nostandard mail-acc..



No other browser installed though Torbrowser installer is present in the downloads-folder.



We actually need MS Office on this laptop, and former employee offered to download it from illegal sources. Another time former employee boasted he has been a hacker in the past but that's a lie. He either has never been hacker and still does not know much about computers, or he still is a hacker and made it easy on himself to hack the laptop we bought from him. I'ld say hehas never been a hacker becouse he used the comp for 11 months without propperly updating it since june last year.




(SUN) Java was out of date, (Adobe) Flash player & ActiveX were updated. I emptied Java- and Flash-caches but if there would be malware present it might not've been removed with the standard removal via Config Screen → Java andConfig Screen → Flash.




Every time i close or reboot, something has to be closed first, not always know what that application is. When known it can be Windows Search or a Host-file disturbing logging off from the computer-account (and ofcourse Configscreen → WindowsUpdates).




Windows Vallidation now states this MSservice indeed is not available. Before it stated it might not beavailable. Therefore the Windowsversion on the laptop is not vallidated but also not invallidated yet.




Extremely gratefull for your help,

Admirgency.


[editted spelling and gramar]

[edit 2] there's a Softonic download for MS Office 2003 sp1 in the downloadsfolder.

Edited by Admirgency, 26 May 2013 - 02:03 PM.

  • 0

#3
Admirgency

Admirgency

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
This morning Win 7 validation of this laptop still was interupted. When taking ScrSh's at the other comp checked by Gringo, our boss demanded access to this laptop. He got mad at me for "ruining all computers" while the problem was Open Office being installed for one user so it did not work in the guest-acc i created (yes untill now this laptop was used from witin owner-acc without a password). I created a User-acc for him and uninstalled/re-installed Open Office for all users and for handheld devices. 2 desktop-assesoires were installed and a visitor searched for more, since the nowadays app's replacing the assesoires didn't suit us. I could stop this visitor just in time to not use Softonic downloads. Nothing more was installed.

Since changes to the laptop were made anyway, and realizing it's important for (me and) you to know before you invest to much time in this laptop, i went on trying to validate. :
Tried to validate a few more times, every time it was interupted. I checked at the other work-comp and for that XP-comp the validation service was available while not for this Win-7-laptop. Troubleshooting on (the apparent) Windows Validation-page sugested to uninstall kb971033, Windows Activation Technologies. I did not fully trust that and did some research. At social.technet.microsoft i first got results where only regular members answered and repeated the recommendation to uninstall kb 971033. At last i found a post from a MCCpartner leading to a misplaced thread where a Win-7-validation question was placed at Vista-validation forum. The moderator answered anyway and i thus got to http://www.microsoft.com/genuine/diag/, where browsersettings were checked to not hinder validation (all OK) and then to the download of MGADiag.
At least i now have part of the windows 7 validation key and there's no tampered validation file found.

At the moment i run a MS SE scan, excuse me. At 50% of cpu-usage and scanning for an hour, it is nearly at a 3rd through the scan.

If you want the full MGADiag-log i'll be happy to give it, and if you need a new OTL.txt just tell me.

Thanks,
Admigency.


[edit]
(MS SE scan finished, no threat found, in fact no threat found since installation or at least no results present anymore)

I can imagine the Windows Vallidation issue must be resolved first. If you want me to go to Windows 7 vallidation forum please tell me and you can close this thread untill proven legal or replaced with a legal OS, however needed.

Edited by Admirgency, 27 May 2013 - 12:26 PM.

  • 0

#4
Admirgency

Admirgency

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Sory, i went ahead to MS forum for validation.
  • 0

#5
Admirgency

Admirgency

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
This thread can be closed.

Windows on the laptop prooved to be a pirated OEM SLP version. I'll try installing Vista in the hope the ligitimate licence key has not been over-used.

Admirgency.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP