FBI Virus -- Win7 Home 64-bit [Solved]


  • This topic is locked

#31
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Certainly you may continue in this thread. If it is the same infection and you are unable to access Windows, then let me know the operating system and I will put together the tools required.

#32
cramit02
    Member
  • Topic Starter
  • 78 posts
Fantastic, thanks. I'll update this thread when I have an OTL log from the 2nd computer.

#33
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Ready and waiting :)

#34
cramit02
    Member
  • Topic Starter
  • 78 posts
Alrighty, just received the device... it boots, gives me the white screen and cursor. No right-click options, no Ctrl-Alt-Del option (when I do it the cursor switches to busy and back to idle). Safe Mode doesn't seem to be working: when I select any safe mode it loads the drivers then loops back to the initial startup 'hp' screen.

#35
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
What is the operating system, and is it 32 or 64 bit? You will need a USB stick to begin with.

#36
cramit02
    Member
  • Topic Starter
  • 78 posts
Windows XP Pro SP3 32-bit. USB stick in hand.

#37
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
One XP boot drive ready :)

Download Peazip to the desktop.
Run and install the programme.
As it installs this page will show; deselect the AVG ticks.
Press Decline and it will then install cleanly.

Posted Image

Download the following files to the desktop. Right-click the links and select Save as..., then select Desktop.

Rufus

OTLPE_standard

Right-click OTLPE on your desktop and select Open as archive.

Posted Image


Select OTLPE standard

Posted Image

Click Extract, ensure that desktop is selected

Posted Image

Insert the USB stick, then run Rufus.
Posted Image
Select the ISO file on the desktop via the ISO icon.

Press Start Burn
Posted Image

Once the USB has been burnt, then:

  • Download Farbar Recovery Scan Tool and save it to the flash drive.

  • Reboot your system using the boot USB you just created.
    Note : If you do not know how to set your computer to boot from USB follow the steps here
  • As the programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
  • Locate the flash drive and run FRST
  • The tool will start to run.
    Posted Image
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


#38
cramit02
    Member
  • Topic Starter
  • 78 posts
==EDIT: README==
---2nd Post 10:52a EST---
I hit the power button briefly and the white screen disappeared and I was able to gain access to the Task Manager. Desktop is responsive, I'm updating MBAM and SAS.

Next move? After updating MBAM and SAS I will *NOT* proceed w/o your input, will leave the computer alone w the desktop available, etc.


---Original Post 10:48a EST---
Configured USB, set boot order on the computer to USB as the first device... it seems to skip right into Windows startup. Startup tune, desktop for 2 seconds (no Ctrl-Alt-Del), then white screen. It's an hp Compaq with no recovery media. Instead of a USB could I try to burn the ISO to a CD? If so, how should I get FRST on to the disk as well?

Edited by cramit02, 21 June 2013 - 08:54 AM.


#39
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, spooky. Let's run an OTL scan.

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#40
cramit02
    Member
  • Topic Starter
  • 78 posts
OTL Log:

OTL logfile created on: 6/15/2013 9:56:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\eamuser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.30% Memory free
3.83 Gb Paging File | 2.58 Gb Available in Paging File | 67.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 135.14 Gb Free Space | 90.67% Space Free | Partition Type: NTFS

Computer Name: AUSR-EAM-01 | User Name: eamuser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/15 09:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eamuser\Desktop\OTL.exe
PRC - [2013/06/15 09:30:06 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/06/07 23:28:12 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/07 23:28:08 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/03/01 15:16:40 | 000,847,872 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MNDSHF73467808252560\AgentMon.exe
PRC - [2012/12/11 08:46:40 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/29 12:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/11/29 12:56:52 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/07/16 09:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 09:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012/05/01 11:17:22 | 000,438,272 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2012/04/16 08:06:40 | 000,218,160 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
PRC - [2012/03/21 16:50:54 | 000,409,600 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MNDSHF73467808252560\KaUsrTsk.exe
PRC - [2012/02/21 09:04:11 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012/02/21 09:04:09 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012/02/21 09:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012/01/01 21:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/25 12:46:22 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/07 05:00:43 | 000,131,072 | ---- | M] () -- C:\Program Files\Kaseya\MNDSHF73467808252560\KAgentExt.dll
MOD - [2012/01/01 21:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/11/07 13:21:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Kaseya\MNDSHF73467808252560\libkacm.dll
MOD - [2008/08/21 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/08/21 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/06/07 23:28:12 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/07 23:28:08 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/15 09:51:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/01 15:16:40 | 000,847,872 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Program Files\Kaseya\MNDSHF73467808252560\AgentMon.exe -- (KAMNDSHF73467808252560)
SRV - [2012/12/11 08:46:40 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/29 12:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/05/01 11:17:22 | 000,438,272 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2012/04/16 08:06:40 | 000,218,160 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)
SRV - [2012/02/21 09:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/07/25 12:46:22 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/07 23:28:24 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/04/30 10:57:00 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/04/12 18:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130412.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/01/16 08:38:38 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130425.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 08:38:37 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130425.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/04 18:16:20 | 000,020,096 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KAPFA.sys -- (KAPFA)
DRV - [2012/11/29 12:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/08/31 19:27:25 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130424.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/09 08:38:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 08:38:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/05 21:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 21:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/06 23:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/05/03 10:43:04 | 000,296,448 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NWRmNet_001.sys -- (NWRmNet_001)
DRV - [2012/05/03 10:43:04 | 000,235,520 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_001.sys -- (NWUSBPort2_001)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_001.sys -- (NWUSBPort_001)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_001.sys -- (NWUSBModem_001)
DRV - [2012/04/16 08:43:04 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/16 22:38:00 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2011/10/27 01:18:45 | 000,120,432 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys -- (ntk_PowerDVD12)
DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/14 19:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/09/21 15:20:26 | 000,028,632 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/07/23 13:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/06/17 17:49:22 | 004,756,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/12/06 16:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=31
IE - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\..\SearchScopes,DefaultScope = {9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}
IE - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/04/16 08:43:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013/06/15 09:25:22 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/24 08:06:00 | 000,000,781 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 IntelAMT # LMS GENERATED LINE
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [KASHMNDSHF73467808252560] C:\Program Files\Kaseya\MNDSHF73467808252560\KaUsrTsk.exe (Kaseya International Limited)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003..\Run: [] C:\Documents and Settings\eamuser\msconfig.exe (FileZilla Project)
O4 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003..\Run: [Mozilla] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1334262589828 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.47.41 10.1.0.238
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ECB473B-C9AE-4F36-A19B-69F71F4DA551}: DhcpNameServer = 192.168.47.41 10.1.0.238
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003 Winlogon: Shell - (C:\Documents and Settings\eamuser\Application Data\skype.dat) - C:\Documents and Settings\eamuser\Application Data\skype.dat (HSN Software LLC)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/12 12:47:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/15 09:55:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\eamuser\Desktop\OTL.exe
[2013/05/30 11:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2013/05/30 08:04:17 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\eamuser\vlcplayer.exe
[2013/05/30 08:04:15 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Documents and Settings\eamuser\windowsupdate.exe
[2013/05/30 07:59:30 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\eamuser\flashplayer.exe
[2013/05/30 07:59:30 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\eamuser\chrome.exe
[2013/05/30 07:59:28 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Documents and Settings\eamuser\acrobat.exe
[2013/05/30 07:59:28 | 000,122,368 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\eamuser\msconfig.exe
[2013/05/30 06:08:57 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/05/20 07:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eamuser\Desktop\Unused Desktop Shortcuts
[2013/03/27 07:55:20 | 000,212,638 | ---- | C] (Lurcom Ltd) -- C:\Documents and Settings\eamuser\2162610.exe
[2008/08/21 07:00:00 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Documents and Settings\eamuser\Application Data\skype.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/15 09:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eamuser\Desktop\OTL.exe
[2013/06/15 09:50:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/15 09:31:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/15 09:27:05 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\eamuser\Application Data\skype.ini
[2013/06/15 09:25:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/15 09:24:54 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/15 09:24:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/14 13:04:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/07 23:28:24 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2013/06/07 23:28:16 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2013/06/07 23:28:16 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2013/05/30 11:02:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/30 08:04:21 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\eamuser\spoolsv.exe
[2013/05/30 08:04:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\iexplore.exe
[2013/05/30 08:04:18 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\eamuser\vlcplayer.exe
[2013/05/30 08:04:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\rundll32.exe
[2013/05/30 08:04:17 | 000,161,280 | ---- | M] (HSN Software LLC) -- C:\Documents and Settings\eamuser\windowsupdate.exe
[2013/05/30 07:59:34 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\eamuser\mstsc.exe
[2013/05/30 07:59:34 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\eamuser\acrobatreader.exe
[2013/05/30 07:59:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\teamviewer.exe
[2013/05/30 07:59:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\csrss.exe
[2013/05/30 07:59:31 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\eamuser\flashplayer.exe
[2013/05/30 07:59:31 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\eamuser\chrome.exe
[2013/05/30 07:59:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\jqs.exe
[2013/05/30 07:59:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\conhost.exe
[2013/05/30 07:59:30 | 000,161,280 | ---- | M] (HSN Software LLC) -- C:\Documents and Settings\eamuser\acrobat.exe
[2013/05/30 07:59:29 | 000,122,368 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\eamuser\msconfig.exe
[2013/05/29 14:45:38 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\eamuser\Desktop\craigslist austin classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2013/05/29 07:12:31 | 000,065,271 | ---- | M] () -- C:\Documents and Settings\eamuser\ctfmon.exe
[2013/05/29 07:11:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\firefox.exe
[2013/05/29 07:11:34 | 000,048,907 | ---- | M] () -- C:\Documents and Settings\eamuser\googleupdate.exe
[2013/05/29 07:11:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\skype.exe
[2013/05/29 07:11:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\opera.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/15 09:31:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/30 08:07:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/30 08:04:19 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\eamuser\spoolsv.exe
[2013/05/30 08:04:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\iexplore.exe
[2013/05/30 08:04:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\rundll32.exe
[2013/05/30 08:02:43 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\eamuser\Application Data\skype.ini
[2013/05/30 07:59:32 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\eamuser\mstsc.exe
[2013/05/30 07:59:32 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\eamuser\acrobatreader.exe
[2013/05/30 07:59:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\teamviewer.exe
[2013/05/30 07:59:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\csrss.exe
[2013/05/30 07:59:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\jqs.exe
[2013/05/30 07:59:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\conhost.exe
[2013/05/29 07:11:45 | 000,065,271 | ---- | C] () -- C:\Documents and Settings\eamuser\ctfmon.exe
[2013/05/29 07:11:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\firefox.exe
[2013/05/29 07:11:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\skype.exe
[2013/05/29 07:11:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\opera.exe
[2013/05/29 07:09:57 | 000,048,907 | ---- | C] () -- C:\Documents and Settings\eamuser\googleupdate.exe
[2012/04/13 08:18:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/04/12 16:27:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/12 15:27:46 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2012/04/12 15:27:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2012/04/12 15:26:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/12 15:26:07 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2012/04/12 12:49:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/12 12:45:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/12 05:17:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/04/12 05:16:55 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/04/13 09:02:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/02/28 13:50:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/05 14:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/01/16 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekkotb_052
[2012/04/13 08:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2013/06/15 09:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/04/13 08:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDVD
[2012/11/30 09:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2012/04/13 08:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/04/13 09:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2012/04/13 08:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/06/26 12:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eamuser\Application Data\Oracle
[2012/08/03 10:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eamuser\Application Data\Smith Micro
[2012/06/19 15:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eamuser\Application Data\TeamViewer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/08/21 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/08/21 07:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/08/21 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/08/21 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/08/21 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/08/21 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/08/21 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 04:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/08/21 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/08/21 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/08/21 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/08/21 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/08/21 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/08/21 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/08/21 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/08/21 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/08/21 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/08/21 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/08/21 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/08/21 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/08/21 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/08/21 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/08/21 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/08/21 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/08/21 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/08/21 07:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/08/21 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/08/21 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/08/21 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/08/21 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/08/21 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/08/21 07:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/08/21 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/08/21 07:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/08/21 07:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES >
[2008/08/21 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/08/21 07:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2012/04/12 12:47:45 | 000,001,602 | ---- | M] () MD5=17455E9FB13863C5B86361387179E37B -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/11/30 09:25:02 | 000,000,313 | ---- | M] () MD5=D763AF6ADD522DFB4002C0FF5A836067 -- C:\Documents and Settings\eamuser\Application Data\Macromedia\Flash Player\#SharedObjects\GZ2L3VA9\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MSC >
[2008/08/21 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/08/21 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/08/21 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/08/21 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/08/21 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/08/21 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/08/21 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 3C7D-09F8
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
05/15/2013 03:02 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
05/15/2013 03:02 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 145,065,144,320 bytes free

< End of report >

============================

Extras Log:

OTL Extras logfile created on: 6/15/2013 9:56:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\eamuser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.30% Memory free
3.83 Gb Paging File | 2.58 Gb Available in Paging File | 67.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 135.14 Gb Free Space | 90.67% Space Free | Partition Type: NTFS

Computer Name: AUSR-EAM-01 | User Name: eamuser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD12\PowerDVD12.exe" = C:\Program Files\CyberLink\PowerDVD12\PowerDVD12.exe:*:Enabled:CyberLink PowerDVD12 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" = C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe:*:Enabled:CyberLink PowerDVD 12 DMREngine -- (CyberLink)
"C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" = C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe:*:Enabled:CyberLink PowerDVD 12 Media Server Service -- (CyberLink)
"C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe" = C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe:*:Enabled:CyberLink PowerDVD12 Agent -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD12\PowerDVD12ML.exe" = C:\Program Files\CyberLink\PowerDVD12\PowerDVD12ML.exe:*:Enabled:CyberLink PowerDVD12 Moovie Live -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD12\PowerDVD12.exe" = C:\Program Files\CyberLink\PowerDVD12\PowerDVD12.exe:*:Enabled:CyberLink PowerDVD12 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" = C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe:*:Enabled:CyberLink PowerDVD 12 DMREngine -- (CyberLink)
"C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" = C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe:*:Enabled:CyberLink PowerDVD 12 Media Server Service -- (CyberLink)
"C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe" = C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe:*:Enabled:CyberLink PowerDVD12 Agent -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD12\PowerDVD12ML.exe" = C:\Program Files\CyberLink\PowerDVD12\PowerDVD12ML.exe:*:Enabled:CyberLink PowerDVD12 Moovie Live -- (CyberLink Corp.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{171B6E08-E57A-4FC4-8A43-79FDA555E647}" = Verizon Mobile Broadband Drivers
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MOBILEDB)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AD6B5136-2F0E-4682-8B2A-B25940C630A5}" = Infor EAM Mobile Full VGA version
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BBB95D0D-D40F-4F46-808D-4D295BBB9490}" = Verizon Wireless USB551L Firmware Updates
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52F624E-BF02-4E2D-AA88-D7ABDCACFB3E}" = VZAccess Manager
"{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel® Network Connections 14.6.10.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"KAMNDSHF73467808252560" = Kaseya Agent (ausr-eam-01.trs.ny - kaseya.mindshift.com)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MESOL" = Intel® Active Management Technology LMS Service and SOL Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"TeamViewer 7" = TeamViewer 7

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2013 2:06:37 PM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2013 10:38:44 AM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2013 10:38:48 AM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2013 10:39:15 AM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2013 10:39:23 AM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2013 10:42:09 AM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2013 10:42:34 AM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2013 10:42:52 AM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2013 10:43:04 AM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2013 10:43:05 AM | Computer Name = AUSR-EAM-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/30/2013 9:42:21 AM | Computer Name = AUSR-EAM-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 5/30/2013 11:24:37 AM | Computer Name = AUSR-EAM-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 5/30/2013 11:34:10 AM | Computer Name = AUSR-EAM-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 5/30/2013 11:56:32 AM | Computer Name = AUSR-EAM-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 5/30/2013 3:42:47 PM | Computer Name = AUSR-EAM-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 6/6/2013 9:40:42 AM | Computer Name = AUSR-EAM-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 6/6/2013 9:40:50 AM | Computer Name = AUSR-EAM-01 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +519862 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.117.100:123->64.4.10.33:123) is working
properly.

Error - 6/15/2013 10:20:49 AM | Computer Name = AUSR-EAM-01 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +519847 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.117.104:123->65.55.56.206:123) is working
properly.

Error - 6/15/2013 10:20:49 AM | Computer Name = AUSR-EAM-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 6/15/2013 10:25:31 AM | Computer Name = AUSR-EAM-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >


#41
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now kill it ... Once these runs have completed, could you let me know how it is behaving?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\..\SearchScopes,DefaultScope = {9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}
IE - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebs...r={searchTerms}
O4 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003..\Run: [] C:\Documents and Settings\eamuser\msconfig.exe (FileZilla Project)
O4 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003..\Run: [Mozilla] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003 Winlogon: Shell - (C:\Documents and Settings\eamuser\Application Data\skype.dat) - C:\Documents and Settings\eamuser\Application Data\skype.dat (HSN Software LLC)
[2013/05/30 11:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2013/05/30 08:04:17 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\eamuser\vlcplayer.exe
[2013/05/30 08:04:15 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Documents and Settings\eamuser\windowsupdate.exe
[2013/05/30 07:59:30 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\eamuser\flashplayer.exe
[2013/05/30 07:59:30 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\eamuser\chrome.exe
[2013/05/30 07:59:28 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Documents and Settings\eamuser\acrobat.exe
[2013/05/30 07:59:28 | 000,122,368 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\eamuser\msconfig.exe
[2013/03/27 07:55:20 | 000,212,638 | ---- | C] (Lurcom Ltd) -- C:\Documents and Settings\eamuser\2162610.exe
[2008/08/21 07:00:00 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Documents and Settings\eamuser\Application Data\skype.dat
[2013/06/15 09:27:05 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\eamuser\Application Data\skype.ini
[2013/05/30 08:04:21 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\eamuser\spoolsv.exe
[2013/05/30 08:04:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\iexplore.exe
[2013/05/30 08:04:18 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\eamuser\vlcplayer.exe
[2013/05/30 08:04:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\rundll32.exe
[2013/05/30 08:04:17 | 000,161,280 | ---- | M] (HSN Software LLC) -- C:\Documents and Settings\eamuser\windowsupdate.exe
[2013/05/30 07:59:34 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\eamuser\mstsc.exe
[2013/05/30 07:59:34 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\eamuser\acrobatreader.exe
[2013/05/30 07:59:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\teamviewer.exe
[2013/05/30 07:59:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\csrss.exe
[2013/05/30 07:59:31 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\eamuser\flashplayer.exe
[2013/05/30 07:59:31 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\eamuser\chrome.exe
[2013/05/30 07:59:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\jqs.exe
[2013/05/30 07:59:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\conhost.exe
[2013/05/30 07:59:30 | 000,161,280 | ---- | M] (HSN Software LLC) -- C:\Documents and Settings\eamuser\acrobat.exe
[2013/05/30 07:59:29 | 000,122,368 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\eamuser\msconfig.exe
[2013/05/29 07:12:31 | 000,065,271 | ---- | M] () -- C:\Documents and Settings\eamuser\ctfmon.exe
[2013/05/29 07:11:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\firefox.exe
[2013/05/29 07:11:34 | 000,048,907 | ---- | M] () -- C:\Documents and Settings\eamuser\googleupdate.exe
[2013/05/29 07:11:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\skype.exe
[2013/05/29 07:11:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\eamuser\opera.exe
[2013/05/30 08:04:19 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\eamuser\spoolsv.exe
[2013/05/30 08:04:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\iexplore.exe
[2013/05/30 08:04:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\rundll32.exe
[2013/05/30 08:02:43 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\eamuser\Application Data\skype.ini
[2013/05/30 07:59:32 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\eamuser\mstsc.exe
[2013/05/30 07:59:32 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\eamuser\acrobatreader.exe
[2013/05/30 07:59:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\teamviewer.exe
[2013/05/30 07:59:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\csrss.exe
[2013/05/30 07:59:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\jqs.exe
[2013/05/30 07:59:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\conhost.exe
[2013/05/29 07:11:45 | 000,065,271 | ---- | C] () -- C:\Documents and Settings\eamuser\ctfmon.exe
[2013/05/29 07:11:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\firefox.exe
[2013/05/29 07:11:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\skype.exe
[2013/05/29 07:11:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\opera.exe
[2013/05/29 07:09:57 | 000,048,907 | ---- | C] () -- C:\Documents and Settings\eamuser\googleupdate.exe
[2013/03/05 14:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/01/16 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekkotb_052
[2012/04/13 08:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2012/11/30 09:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.
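The fix script above targets a recognisable pattern: executables named after Windows system binaries (csrss.exe, spoolsv.exe, rundll32.exe, msconfig.exe) dropped straight into the user's profile root, several of them zero bytes, an unnamed Run value, a Run value that launches regsvr32.exe, and a Winlogon Shell value pointing at a .dat file instead of explorer.exe. As an added example that is not part of this thread or of OTL, the Python script below applies those same indicators to OTL-format log lines; the sample lines are a constructed subset of this thread's logs plus two benign entries, and the rule names, the SYSTEM_BINARIES and AUTORUN_UTILITIES sets and the TRUSTED_DIRS prefixes are my own assumptions.

```python
"""Triage OTL log lines for the decoy-binary pattern seen in this thread (added example)."""
import re
from dataclasses import dataclass

# Names of Windows binaries that belong under %SystemRoot%; the same name in a
# user profile is a decoy (assumption: list drawn from this thread's log).
SYSTEM_BINARIES = {
    "csrss.exe", "spoolsv.exe", "rundll32.exe", "conhost.exe", "ctfmon.exe",
    "explorer.exe", "regsvr32.exe", "msconfig.exe", "mstsc.exe", "iexplore.exe",
}
# Utilities that need no autorun entry of their own; a Run value launching one
# usually exists to load something else (assumption).
AUTORUN_UTILITIES = {"regsvr32.exe", "rundll32.exe"}
# Where program binaries are expected on an XP-era layout (assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
SHELL_RE = re.compile(r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<rest>.+)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# 'C:\path\x.exe (Company)' -> path, optional company
TAIL_RE = re.compile(r"^(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$")
# An .exe sitting directly in a profile root, e.g. C:\Documents and Settings\user\x.exe
PROFILE_ROOT_EXE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$")


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def split_tail(rest):
    m = TAIL_RE.match(rest)
    return m["path"], (m["company"] or "")


def flag_location(path, findings):
    """Rules that depend only on where a file lives and what it is called."""
    if basename(path) in SYSTEM_BINARIES and not path.lower().startswith(TRUSTED_DIRS):
        findings.add(Finding("system-binary name outside Windows dirs", path))
    if PROFILE_ROOT_EXE.match(path.lower()):
        findings.add(Finding("executable in profile root", path))


def analyze(log_text):
    """Return a sorted, de-duplicated list of Findings for OTL-format lines."""
    findings = set()
    for line in log_text.strip().splitlines():
        m = RUN_RE.match(line)
        if m:
            path, _company = split_tail(m["rest"])
            if m["name"] == "":
                findings.add(Finding("unnamed Run value", path))
            if basename(path) in AUTORUN_UTILITIES:
                findings.add(Finding("system utility as autorun target", path))
            flag_location(path, findings)
            continue
        m = SHELL_RE.match(line)
        if m:
            path, _company = split_tail(m["rest"])
            if basename(path) != "explorer.exe":
                findings.add(Finding("Winlogon Shell replaced", path))
            flag_location(path, findings)
            continue
        m = FILE_RE.match(line)
        if m and m["attrs"] != "---D":  # skip directory entries
            path = m["path"]
            if path.lower().endswith(".exe") and int(m["size"].replace(",", "")) == 0:
                findings.add(Finding("zero-byte executable", path))
            flag_location(path, findings)
    return sorted(findings, key=lambda f: (f.rule, f.path))


# Constructed sample: a subset of lines from this thread's OTL logs, plus two
# benign entries (LogMeIn and OTL.exe) that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003..\Run: [] C:\Documents and Settings\eamuser\msconfig.exe (FileZilla Project)
O4 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003..\Run: [Mozilla] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1085031214-1844823847-1177238915-1003 Winlogon: Shell - (C:\Documents and Settings\eamuser\Application Data\skype.dat) - C:\Documents and Settings\eamuser\Application Data\skype.dat (HSN Software LLC)
[2013/05/30 07:59:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eamuser\csrss.exe
[2013/05/30 08:04:19 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\eamuser\spoolsv.exe
[2013/05/30 07:59:28 | 000,122,368 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\eamuser\msconfig.exe
[2013/06/15 09:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eamuser\Desktop\OTL.exe
[2013/03/05 14:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.rule:45} {f.path}")
```

Running it on the sample yields ten findings, every one of them matching an entry that the fix script above removes, and nothing for the LogMeIn or OTL.exe lines.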

#42
cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Log created after running OTL fix:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}\ not found.
HKEY_USERS\S-1-5-21-1085031214-1844823847-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1085031214-1844823847-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1844823847-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1844823847-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Documents and Settings\eamuser\msconfig.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-1844823847-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla deleted successfully.
C:\WINDOWS\system32\regsvr32.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-1844823847-1177238915-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\eamuser\Application Data\skype.dat deleted successfully.
C:\Documents and Settings\eamuser\Application Data\skype.dat moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla folder moved successfully.
C:\Documents and Settings\eamuser\vlcplayer.exe moved successfully.
C:\Documents and Settings\eamuser\windowsupdate.exe moved successfully.
C:\Documents and Settings\eamuser\flashplayer.exe moved successfully.
C:\Documents and Settings\eamuser\chrome.exe moved successfully.
C:\Documents and Settings\eamuser\acrobat.exe moved successfully.
File C:\Documents and Settings\eamuser\msconfig.exe not found.
C:\Documents and Settings\eamuser\2162610.exe moved successfully.
File C:\Documents and Settings\eamuser\Application Data\skype.dat not found.
C:\Documents and Settings\eamuser\Application Data\skype.ini moved successfully.
C:\Documents and Settings\eamuser\spoolsv.exe moved successfully.
C:\Documents and Settings\eamuser\iexplore.exe moved successfully.
File C:\Documents and Settings\eamuser\vlcplayer.exe not found.
C:\Documents and Settings\eamuser\rundll32.exe moved successfully.
File C:\Documents and Settings\eamuser\windowsupdate.exe not found.
C:\Documents and Settings\eamuser\mstsc.exe moved successfully.
C:\Documents and Settings\eamuser\acrobatreader.exe moved successfully.
C:\Documents and Settings\eamuser\teamviewer.exe moved successfully.
C:\Documents and Settings\eamuser\csrss.exe moved successfully.
File C:\Documents and Settings\eamuser\flashplayer.exe not found.
File C:\Documents and Settings\eamuser\chrome.exe not found.
C:\Documents and Settings\eamuser\jqs.exe moved successfully.
C:\Documents and Settings\eamuser\conhost.exe moved successfully.
File C:\Documents and Settings\eamuser\acrobat.exe not found.
File C:\Documents and Settings\eamuser\msconfig.exe not found.
C:\Documents and Settings\eamuser\ctfmon.exe moved successfully.
C:\Documents and Settings\eamuser\firefox.exe moved successfully.
C:\Documents and Settings\eamuser\googleupdate.exe moved successfully.
C:\Documents and Settings\eamuser\skype.exe moved successfully.
C:\Documents and Settings\eamuser\opera.exe moved successfully.
File C:\Documents and Settings\eamuser\spoolsv.exe not found.
File C:\Documents and Settings\eamuser\iexplore.exe not found.
File C:\Documents and Settings\eamuser\rundll32.exe not found.
File C:\Documents and Settings\eamuser\Application Data\skype.ini not found.
File C:\Documents and Settings\eamuser\mstsc.exe not found.
File C:\Documents and Settings\eamuser\acrobatreader.exe not found.
File C:\Documents and Settings\eamuser\teamviewer.exe not found.
File C:\Documents and Settings\eamuser\csrss.exe not found.
File C:\Documents and Settings\eamuser\jqs.exe not found.
File C:\Documents and Settings\eamuser\conhost.exe not found.
File C:\Documents and Settings\eamuser\ctfmon.exe not found.
File C:\Documents and Settings\eamuser\firefox.exe not found.
File C:\Documents and Settings\eamuser\skype.exe not found.
File C:\Documents and Settings\eamuser\opera.exe not found.
File C:\Documents and Settings\eamuser\googleupdate.exe not found.
C:\Documents and Settings\All Users\Application Data\blekko toolbars folder moved successfully.
C:\Documents and Settings\All Users\Application Data\blekkotb_052 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\install_clap\{B46BEA36-0B71-4A4E-AE41-87241643FA0A} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\install_clap folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Search Protection folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: eamuser
->Temp folder emptied: 2089101 bytes
->Temporary Internet Files folder emptied: 373628741 bytes
->Flash cache emptied: 62831 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2401626 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9913146 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 267325458 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 625.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06152013_122541

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_a40.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_a54.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


=======================

Log created after running OTL Quick Scan:

OTL logfile created on: 6/15/2013 12:33:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\eamuser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.90% Memory free
3.83 Gb Paging File | 3.32 Gb Available in Paging File | 86.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 136.27 Gb Free Space | 91.43% Space Free | Partition Type: NTFS

Computer Name: AUSR-EAM-01 | User Name: eamuser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/15 09:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eamuser\Desktop\OTL.exe
PRC - [2013/06/15 09:30:06 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/06/07 23:28:12 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/07 23:28:08 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/03/01 15:16:40 | 000,847,872 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MNDSHF73467808252560\AgentMon.exe
PRC - [2012/12/11 08:46:40 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/29 12:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/11/29 12:56:52 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/07/16 09:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 09:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012/05/01 11:17:22 | 000,438,272 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2012/04/16 08:06:40 | 000,218,160 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
PRC - [2012/03/21 16:50:54 | 000,409,600 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MNDSHF73467808252560\KaUsrTsk.exe
PRC - [2012/02/21 09:04:11 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012/02/21 09:04:09 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012/02/21 09:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012/01/01 21:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2009/03/10 21:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/25 12:46:22 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/07 05:00:43 | 000,131,072 | ---- | M] () -- C:\Program Files\Kaseya\MNDSHF73467808252560\KAgentExt.dll
MOD - [2012/01/01 21:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/11/07 13:21:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Kaseya\MNDSHF73467808252560\libkacm.dll
MOD - [2008/08/21 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/08/21 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/06/15 10:50:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/07 23:28:12 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/07 23:28:08 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/03/01 15:16:40 | 000,847,872 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Program Files\Kaseya\MNDSHF73467808252560\AgentMon.exe -- (KAMNDSHF73467808252560)
SRV - [2012/12/11 08:46:40 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/29 12:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/05/01 11:17:22 | 000,438,272 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2012/04/16 08:06:40 | 000,218,160 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)
SRV - [2012/02/21 09:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/07/25 12:46:22 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/07 23:28:24 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/04/30 10:57:00 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/04/12 18:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130412.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/01/16 08:38:38 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130425.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 08:38:37 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130425.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/04 18:16:20 | 000,020,096 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KAPFA.sys -- (KAPFA)
DRV - [2012/11/29 12:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/08/31 19:27:25 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130424.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/09 08:38:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 08:38:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/05 21:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 21:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/06 23:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/05/03 10:43:04 | 000,296,448 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NWRmNet_001.sys -- (NWRmNet_001)
DRV - [2012/05/03 10:43:04 | 000,235,520 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_001.sys -- (NWUSBPort2_001)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_001.sys -- (NWUSBPort_001)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_001.sys -- (NWUSBModem_001)
DRV - [2012/04/16 08:43:04 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/16 22:38:00 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2011/10/27 01:18:45 | 000,120,432 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys -- (ntk_PowerDVD12)
DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/14 19:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/09/21 15:20:26 | 000,028,632 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/07/23 13:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/06/17 17:49:22 | 004,756,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/12/06 16:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=31
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/04/16 08:43:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013/06/15 12:31:35 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/06/15 12:31:21 | 000,000,052 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       IntelAMT # LMS GENERATED LINE   (the raw log rendered this line as CJK characters because the ASCII bytes were read as UTF-16LE)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [KASHMNDSHF73467808252560] C:\Program Files\Kaseya\MNDSHF73467808252560\KaUsrTsk.exe (Kaseya International Limited)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1334262589828 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.47.41 10.1.0.238
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ECB473B-C9AE-4F36-A19B-69F71F4DA551}: DhcpNameServer = 192.168.47.41 10.1.0.238
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/12 12:47:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/15 12:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eamuser\Desktop\tputman
[2013/06/15 12:25:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/15 09:55:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\eamuser\Desktop\OTL.exe
[2013/05/30 06:08:57 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/05/20 07:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eamuser\Desktop\Unused Desktop Shortcuts

========== Files - Modified Within 30 Days ==========

[2013/06/15 12:31:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/15 12:31:21 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/06/15 12:31:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/15 12:31:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/15 12:22:51 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\eamuser\Desktop\adwcleaner.exe
[2013/06/15 12:04:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/15 11:50:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/15 09:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eamuser\Desktop\OTL.exe
[2013/06/15 09:31:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/07 23:28:24 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2013/06/07 23:28:16 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2013/06/07 23:28:16 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2013/05/30 11:02:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/29 14:45:38 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\eamuser\Desktop\craigslist austin classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[1 C:\WINDOWS\System32\drivers\etc\*.tmp files -> C:\WINDOWS\System32\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/15 12:22:49 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\eamuser\Desktop\adwcleaner.exe
[2013/06/15 09:31:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/30 08:07:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/13 08:18:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/04/12 16:27:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/12 15:27:46 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2012/04/12 15:27:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2012/04/12 15:26:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/12 15:26:07 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2012/04/12 12:49:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/12 12:45:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/12 05:17:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/04/12 05:16:55 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/04/13 09:02:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/02/28 13:50:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/15 09:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/04/13 08:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDVD
[2012/04/13 08:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/04/13 09:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2012/04/13 08:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/06/26 12:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eamuser\Application Data\Oracle
[2012/08/03 10:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eamuser\Application Data\Smith Micro
[2012/06/19 15:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eamuser\Application Data\TeamViewer

========== Purity Check ==========



< End of report >



=======================

AdwCleaner Log:

# AdwCleaner v2.303 - Logfile created 06/15/2013 at 12:40:17
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : eamuser - AUSR-EAM-01
# Boot Mode : Normal
# Running from : C:\Documents and Settings\eamuser\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [767 octets] - [15/06/2013 12:40:17]

########## EOF - C:\AdwCleaner[S1].txt - [826 octets] ##########
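The OTL report above is raw tool output, and the lines a helper reads first are the O4 autoruns, the O20 Winlogon Shell/UserInit values (the usual hook for lock-screen "FBI" ransomware), the O35/O37 .exe/.com open commands, and the file entries with no company name. The following triage script is an added example for this thread; it is not OTL's own code and OTL exposes no such API. Its sample input is copied from the log above, except for one autorun line marked as constructed so that the autorun check has something to flag.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread; not OTL's own code.  It parses the O4 autorun,
O20 Winlogon and O35/O37 file-association lines plus the
"[date | size | attrs | C/M] (company) -- path" file entries, and flags:
  * autoruns with no company name or living in a user-writable path,
  * a Winlogon Shell/UserInit value that is not the stock one,
  * an .exe/.com open command that is not "%1" %*,
  * binaries whose version info carries no company name.
"""
import re
from typing import List, Tuple

# Sample input: lines copied from the OTL log in this thread, plus ONE
# constructed O4 line ([update] ...\Temp\update.exe) so the autorun check fires.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [update] C:\Documents and Settings\eamuser\Local Settings\Temp\update.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[2013/06/15 09:55:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\eamuser\Desktop\OTL.exe
[2013/06/15 12:22:49 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\eamuser\Desktop\adwcleaner.exe
[2012/04/12 16:27:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/13 08:18:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
""".strip().splitlines()

O4_RE = re.compile(r"^O4 - (?P<where>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
O20_RE = re.compile(r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<value>\w+) - \((?P<raw>[^)]*)\) - .+ \((?P<company>[^)]*)\)$")
ASSOC_RE = re.compile(r"^O3[57] - HKLM\\\.\.\.?(?P<ext>\w+) (?:\[open\]|\[@ = \w+\]) -- (?P<cmd>.+)$")
FILE_RE = re.compile(r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")

STOCK_WINLOGON = {
    # registry value -> predicate on the raw data OTL shows in parentheses
    "Shell": lambda raw: raw.lower().rstrip(",") == "explorer.exe",
    "UserInit": lambda raw: raw.lower().rstrip(",").endswith("\\system32\\userinit.exe"),
}
STOCK_OPEN_CMD = '"%1" %*'
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs for the lines a helper would look at first."""
    findings: List[Tuple[str, str]] = []
    for line in (ln.strip() for ln in lines):
        m = O4_RE.match(line)
        if m:
            detail = f"{m['where']} Run [{m['name']}] {m['path']}"
            if not m["company"].strip():
                findings.append(("autorun-no-company", detail))
            if any(p in m["path"].lower() for p in USER_WRITABLE):
                findings.append(("autorun-user-writable", detail))
            continue
        m = O20_RE.match(line)
        if m:
            ok = STOCK_WINLOGON.get(m["value"])
            if ok is None:
                findings.append(("winlogon-review", f"{m['hive']} {m['value']} = {m['raw']}"))
            elif not ok(m["raw"]):
                # extra entries after explorer.exe / userinit.exe are the classic hijack
                findings.append(("winlogon-hijack", f"{m['hive']} {m['value']} = {m['raw']}"))
            continue
        m = ASSOC_RE.match(line)
        if m:
            if m["cmd"] != STOCK_OPEN_CMD:
                findings.append(("file-association-hijack", f"{m['ext']} -> {m['cmd']}"))
            continue
        m = FILE_RE.match(line)
        if m and m["path"].lower().endswith(BINARY_EXT) and not m["company"].strip():
            where = "user-profile" if any(p in m["path"].lower() for p in USER_WRITABLE) else "system"
            findings.append((f"no-company-binary-{where}", m["path"]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_OTL):
        print(f"{category:32} {detail}")
```

On the real log the script is silent about the Winlogon and file-association lines, which is consistent with the cleaning done earlier in the thread; what it does surface (adwcleaner.exe on the desktop, iacenc.dll in System32) is the same "no company name" heuristic OTL itself uses, and those need a human to decide, not an automatic fix.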

#43 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
You appear to have had an addition to your hosts file; it looks Chinese. Did you add that?


How is the computer behaving now ?

#44 cramit02 (Topic Starter, Member, 78 posts)
I haven't done anything to this computer since receiving it, especially nothing Chinese.

Computer boots up quickly; currently getting a Windows Validation error on boot, but otherwise seems OK. Will update with Safe Mode testing momentarily...

#45 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, can you delete that line from the hosts file, or would you like me to do it?
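For the hosts-file question in posts #43 and #45, here is an added example (my code, not OTL's, AdwCleaner's or the poster's) that does three things: it reproduces why the O1 line came out as CJK characters, namely the hosts file's ASCII bytes being decoded as UTF-16LE, so that "ㄊ㜲〮〮ㄮ" is just "\n127.0.0.1" two bytes at a time; it lists the entries in a hosts file that are not the stock localhost line; and it removes the entries for a given name while keeping CRLF line endings and comments intact, which is the edit post #45 asks about. The sample file is constructed, since the log does not contain the machine's exact hosts bytes. The entry itself, `127.0.0.1 IntelAMT # LMS GENERATED LINE`, maps the name IntelAMT to loopback and is what Intel's AMT Local Manageability Service (LMS) writes on machines with Intel vPro/AMT; it is not a redirect of any real site, so in this case the line is benign and deleting it only matters if the LMS software is gone.

```python
"""Hosts-file check for posts #43 and #45 (added example, not the thread's
or any tool's own code).  The sample bytes are constructed; the real file's
exact content is not in the log."""

LMS_LINE = b"127.0.0.1       IntelAMT # LMS GENERATED LINE\r\n"
# Constructed sample: the XP default localhost line followed by the LMS line.
# The first line is 27 bytes, so the LMS line starts at an odd offset and the
# UTF-16LE pairing lands exactly as it did in the OTL log.
SAMPLE_HOSTS = b"127.0.0.1       localhost\r\n" + LMS_LINE

LOOPBACK = {"127.0.0.1", "::1"}


def as_utf16le_mojibake(data: bytes) -> str:
    """Reproduce the OTL rendering: treat the raw ASCII bytes as UTF-16LE."""
    return data.decode("utf-16-le", errors="replace")


def hosts_entries(data: bytes):
    """Yield (ip, [names], comment) for every active line of a hosts file."""
    for raw in data.decode("ascii", errors="replace").splitlines():
        line, _, comment = raw.partition("#")
        fields = line.split()
        if fields:
            yield fields[0], fields[1:], comment.strip()


def suspicious_entries(data: bytes):
    """Every entry except the stock localhost mapping.  A non-loopback IP for a
    bank or update domain is the classic hijack; a loopback entry for an AV or
    update domain is the classic block; both show up here for a human to judge."""
    return [
        (ip, names, comment)
        for ip, names, comment in hosts_entries(data)
        if not (ip in LOOPBACK and names == ["localhost"])
    ]


def remove_entries_for(data: bytes, name: str) -> bytes:
    """Return the file with every active line that maps `name` removed,
    leaving comments, blank lines and the original line endings untouched."""
    kept = []
    for raw in data.split(b"\n"):
        active, _, _ = raw.decode("ascii", errors="replace").partition("#")
        if name.lower() in (f.lower() for f in active.split()[1:]):
            continue
        kept.append(raw)
    return b"\n".join(kept)


if __name__ == "__main__":
    print("as OTL showed it :", as_utf16le_mojibake(SAMPLE_HOSTS).strip())
    for entry in suspicious_entries(SAMPLE_HOSTS):
        print("review           :", entry)
    cleaned = remove_entries_for(SAMPLE_HOSTS, "IntelAMT")
    print("after removal    :", cleaned)
```

To run it against a real XP machine, read `C:\WINDOWS\system32\drivers\etc\hosts` as bytes (the file has no extension and is often read-only or protected by the installed security suite, so the write back needs an elevated shell and the attribute cleared first), and compare the output of `suspicious_entries` with what you expect on that box before deleting anything.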