Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

w32.Downloader.Gen Can't Be Removed [Closed]


  • This topic is locked This topic is locked

#1
beerman

beerman

    Member

  • Member
  • PipPipPip
  • 188 posts
Hello GTG! Need your much appreciated expert assistance.

Working on something on my father-in-law's laptop and noted it was very sluggish. Did some clean up, updates, removal of programs, etc. Noted that MBAM was loaded on the machine so updated and did a scan. Found few thing which it removed. Also tried to uninstall Spybot S&D but some installer file missing. So I updated in hopes that a clean install would allow the uninstall, but before uninstalling I thought, what the heck, run a scan. Well, it found W32.Downloader.Gen and when I clicked "Fix" it said it could not. Now I wonder if there is something embedded and for who knows how long.

Anyway, hope you can help. Here are the logs:

OTL logfile created on: 6/10/2013 12:17:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Broc\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.56% Memory free
3.91 Gb Paging File | 2.49 Gb Available in Paging File | 63.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 78.65 Gb Free Space | 58.54% Space Free | Partition Type: NTFS

Computer Name: BROC-PC | User Name: Broc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/10 12:17:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Broc\Desktop\OTL.exe
PRC - [2013/06/08 13:36:58 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/08 13:36:48 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/05/11 06:37:42 | 003,478,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Broc\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/04 10:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/04/22 14:21:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/03/31 19:19:44 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2010/12/16 18:00:13 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/05/31 11:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/03/04 18:12:54 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2010/03/04 18:12:54 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2010/03/04 18:12:50 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2010/01/07 17:11:28 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/05 21:40:58 | 001,826,816 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/10/05 21:40:40 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/08/14 14:30:56 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/08/11 18:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/07 07:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/31 20:16:12 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/31 20:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
PRC - [2009/07/27 14:18:02 | 000,134,656 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/07/16 14:13:34 | 001,245,472 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/07/16 14:10:22 | 000,382,752 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/06/19 18:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/11 23:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/06/11 20:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/04/27 15:40:26 | 000,293,968 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/02/20 11:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/01 04:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/01 02:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 17:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 03:32:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 03:31:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/14 04:33:56 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/12 04:50:49 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/11 10:31:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:29:47 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:28:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:28:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:27:49 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010/03/04 18:20:23 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll
MOD - [2010/03/04 18:20:23 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/03/04 18:12:50 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
MOD - [2009/10/05 21:36:48 | 000,569,344 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll
MOD - [2009/07/27 14:15:32 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/06/03 14:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2008/11/12 15:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/06/08 13:36:58 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/08 13:36:48 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/15 11:11:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/28 11:25:56 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/03/31 19:19:44 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010/12/16 18:00:13 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/19 13:18:12 | 000,157,024 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe -- (PACSPTISVR-Sound_Organizer)
SRV - [2010/05/25 10:59:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 18:12:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/10/05 21:40:40 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/08/11 18:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/07/31 20:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe -- (STacSV)
SRV - [2009/07/16 14:10:22 | 000,382,752 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/11 20:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/06/03 14:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/04/27 15:40:26 | 000,293,968 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009/02/20 11:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/12 15:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - [2013/06/08 13:36:50 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130531.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/26 13:26:38 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/05/25 13:37:07 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130608.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/25 13:37:06 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130608.009\NAVENG.SYS -- (NAVENG)
DRV - [2013/03/13 15:58:54 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130607.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/12/01 14:04:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 23:48:53 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/02 18:54:49 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys -- (SymNetS)
DRV - [2011/03/30 23:04:12 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/31 11:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/03/04 18:12:49 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/11/24 19:30:34 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/31 20:16:12 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/27 14:17:56 | 000,200,192 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/04 22:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 12:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 23:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 20:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 20:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 20:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/26 15:12:36 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/05/11 13:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 16:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{72BD7DC5-3EDD-43D0-A166-8517E61BC77A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3003489

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{1B86AE97-2329-4C0D-8724-B08C5F2BE041}: "URL" = http://websearch.ask...E9-00E977196D86
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS480
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2013/03/16 13:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2013/06/10 11:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012/11/13 15:14:40 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Broc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Broc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.pmn.com/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AAB5DDB-0754-4128-BC99-B2C1011BED82}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC6E9DC3-2027-4A8B-9EA6-80F8F4B70CC3}: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/10 12:17:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Broc\Desktop\OTL.exe
[2013/06/10 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/06/08 10:19:16 | 000,000,000 | ---D | C] -- C:\Users\Broc\Desktop\Margy
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/10 12:17:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Broc\Desktop\OTL.exe
[2013/06/10 12:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 11:54:35 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 11:54:35 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 11:54:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/10 11:47:47 | 000,662,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/10 11:47:47 | 000,121,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/10 11:42:01 | 000,000,000 | ---- | M] () -- C:\Users\Broc\AppData\Local\WavXMapDrive.bat
[2013/06/10 11:41:42 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/10 11:41:42 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/06/10 11:41:31 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/06/10 11:41:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/10 11:41:07 | 1575,354,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/08 21:35:02 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/06/08 13:36:50 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2013/06/08 13:36:49 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2013/06/08 13:36:48 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2013/06/08 10:07:05 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/06/05 20:53:02 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 03:29:03 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/29 03:08:19 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/05/26 13:26:28 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
[2013/05/26 13:26:26 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll.000.bak
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/10 11:00:06 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/05/29 03:08:19 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/10/16 11:14:53 | 083,023,306 | ---- | C] () -- C:\ProgramData\emorhc.pad
[2012/08/31 11:33:13 | 000,307,603 | ---- | C] () -- C:\Users\Broc\Jonestown_Flood.pdf
[2012/08/31 11:30:14 | 000,059,818 | ---- | C] () -- C:\Users\Broc\q=johnstown+flood&form=DLCMHP&pq=joh.pdf
[2012/08/31 11:13:09 | 000,258,497 | ---- | C] () -- C:\Users\Broc\Johnstown,_Pennsylvania.pdf
[2012/08/27 11:04:54 | 000,035,461 | ---- | C] () -- C:\Users\Broc\cpid.pdf
[2012/07/14 11:45:55 | 000,175,590 | ---- | C] () -- C:\Users\Broc\Limited_liability_company.pdf
[2012/07/12 16:23:43 | 000,037,729 | ---- | C] () -- C:\Users\Broc\junto bill.pdf
[2012/02/23 11:37:20 | 000,579,323 | ---- | C] () -- C:\Users\Broc\Bonbright Jan 2012 FINANCIALS.pdf
[2011/11/23 12:35:02 | 000,358,454 | ---- | C] () -- C:\Users\Broc\City Income Tax Check 1 001.pdf
[2011/06/23 10:05:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/02 17:31:45 | 003,182,840 | ---- | C] () -- C:\Users\Broc\Bonbright_Presentation_edited_version[1].pdf
[2011/05/02 17:30:32 | 002,269,776 | ---- | C] () -- C:\Users\Broc\Yuengling_Application_Bonbright_Version_1.1[1].pdf
[2011/01/04 17:55:19 | 000,001,940 | ---- | C] () -- C:\Users\Broc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/19 19:02:39 | 000,075,776 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\rbqt450.DLL
[2010/11/19 19:02:39 | 000,065,024 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSPicturePlugin3542.dll
[2010/11/19 19:02:39 | 000,064,512 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\rbap450.dll
[2010/11/19 19:02:39 | 000,052,224 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\EHZComp.dll
[2010/11/19 19:02:39 | 000,041,472 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\RBShell400.dll
[2010/11/19 19:02:39 | 000,037,888 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSPictureMacPlugin3552.dll
[2010/11/19 19:02:39 | 000,036,352 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSFolderitemsCreatePlugin3542.dll
[2010/11/19 19:02:39 | 000,034,304 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSEncryptPlugin3543.dll
[2010/11/19 19:02:39 | 000,033,792 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSIconPlugin3542.dll
[2010/11/19 19:02:39 | 000,032,768 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSProcessPlugin3543.dll
[2010/11/19 19:02:39 | 000,029,184 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSRectPlugin3542.dll
[2010/11/19 19:02:39 | 000,027,648 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSRegistrationPlugin3542.dll
[2010/11/19 19:02:39 | 000,027,136 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSUsernamePlugin3541.dll
[2010/11/19 19:02:39 | 000,026,112 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSResStreamPlugin3552.dll
[2010/11/19 19:02:39 | 000,019,968 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\EHMD5.dll
[2010/11/19 19:02:39 | 000,018,432 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\EHEncrypt.dll
[2010/11/19 19:02:38 | 000,061,440 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSQTImporterPlugin3549.dll
[2010/11/19 19:02:38 | 000,055,808 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSQuickTimePlugin3549.dll
[2010/11/19 19:02:38 | 000,053,760 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSWinPlugin3544.dll
[2010/11/19 19:02:38 | 000,048,640 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSResPlugin3542.dll
[2010/11/19 19:02:38 | 000,044,032 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSMainPlugin3542.dll
[2010/11/19 19:02:38 | 000,042,496 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSRegistryPlugin3544.dll
[2010/11/19 19:02:38 | 000,036,352 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSFolderitemsPlugin3542.dll
[2010/11/19 19:02:38 | 000,030,720 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSMemoryPlugin3542.dll
[2010/11/19 19:02:38 | 000,029,696 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSMacOSXPlugin3545.dll
[2010/11/19 19:02:38 | 000,025,600 | -H-- | C] () -- C:\Users\Broc\AppData\Roaming\MBSVersionPlugin3581.dll
[2010/09/04 16:17:03 | 000,002,194 | ---- | C] () -- C:\Users\Broc\AppData\Roaming\SAS7_000.DAT
[2010/05/24 16:25:38 | 000,000,000 | ---- | C] () -- C:\Users\Broc\AppData\Local\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2013/03/11 09:23:53 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$01a0284d4ad263f28b9f6d6ddb2d863c\@
[2013/03/11 09:23:53 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$01a0284d4ad263f28b9f6d6ddb2d863c\L
[2013/03/11 09:23:53 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$01a0284d4ad263f28b9f6d6ddb2d863c\U
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/24 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\Broadcom
[2012/11/13 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/01/22 11:03:04 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2011/12/23 13:00:26 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\DriverCure
[2012/04/22 14:02:00 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\IObit
[2010/07/29 17:11:49 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\iScreensaver
[2011/12/27 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\Juniper Networks
[2010/09/03 17:49:35 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\Nuance
[2012/11/27 11:49:20 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\SolidDocuments
[2011/12/23 13:00:25 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\SpeedyPC Software
[2011/01/21 14:11:16 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\Tific
[2010/05/24 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\Wave Systems Corp
[2010/07/28 09:51:42 | 000,000,000 | ---D | M] -- C:\Users\Broc\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 172 bytes -> C:\Users\Broc\Documents\Capitol One MC Sep Oct #2.bmp:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 172 bytes -> C:\Users\Broc\Documents\Capitol one MC Sep Oct.bmp:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Broc\Documents\davant 2011.tiff:3or4kl4x13tuuug3Byamue2s4b

< End of report >


OTL Extras logfile created on: 6/10/2013 12:17:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Broc\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.56% Memory free
3.91 Gb Paging File | 2.49 Gb Available in Paging File | 63.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 78.65 Gb Free Space | 58.54% Space Free | Partition Type: NTFS

Computer Name: BROC-PC | User Name: Broc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025E7C95-18D8-4D01-AE71-D890CE6872B1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0E8EE5E3-D5DC-488C-819F-F2E921712077}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F496448-BC59-4A5B-A3AF-AE2D87C62D38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10CF4E78-922E-437D-9815-3A174960E8FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1DB33A1C-8ABD-4619-8016-AF90CFE21B56}" = rport=137 | protocol=17 | dir=out | app=system |
"{20DF2F5D-6C8D-4CF2-92DC-1D2D69C54410}" = lport=2869 | protocol=6 | dir=in | app=system |
"{226DC077-70C1-4344-8096-8DA60113536F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{24F677A6-C5E5-4D5D-A1FF-146157D444A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2682E950-C6C5-46FC-912B-CEF63B622634}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{312D3D8B-7C1D-43C8-A40D-BA2AEB7A6FF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{344024A0-96DE-4BE1-A8D0-E6CDDB221B92}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{39518614-7EE3-4803-9DC0-3353CB8607E3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FBDE0FD-36C0-48EC-BD94-4E57A4629082}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4073CC36-C3B1-4503-82DB-CCC3CBE2F171}" = lport=137 | protocol=17 | dir=in | app=system |
"{5E2F68BE-F8A9-4767-AE51-AAE8460A59C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E3627FF-D1A2-4E22-858C-F87460676866}" = rport=445 | protocol=6 | dir=out | app=system |
"{6228AB7D-9AA2-4869-A687-B5767EB1A95B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6F6CB2A5-676C-4C65-940E-4F8AB0AD2BF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B4BAED3-65BE-41D7-870B-75E52B69242E}" = lport=445 | protocol=6 | dir=in | app=system |
"{7E65565E-92EA-42D9-A30B-E2E9EA25D3CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{841EA1B5-FB4E-4F50-B7F0-63850F9EDD04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F85D4A9-ED04-4713-B4F3-5EF8B120681C}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4F2052A-0334-4FDA-8C81-DC52475043A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6DAF80C-1E3B-4469-B60E-4D0560F10B96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7976077-FAE3-4187-832D-41D4796D2527}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8901C71-EA03-4806-B511-FE60F64DF154}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BAB11723-0713-4832-93D1-87AB98851F8E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C7C86D9B-88EA-4FFE-A877-C72DAB86F6E6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C970A4F3-80D5-4AF4-BC50-757E392263AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D60FB655-3C3E-4425-9755-3EC27F07A66A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DCD00F93-DC20-4D19-A303-7A90065E919C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DD6197E9-6B71-4225-A0EB-C094F7DEB200}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E939B656-BCE2-4885-A6EF-FD10E4F519A7}" = rport=139 | protocol=6 | dir=out | app=system |
"{F02CE14B-15F7-47EE-BB72-68C13F376066}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C23D77E-0524-46BE-8DC9-48A1C769B163}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1195BDD1-184D-44C8-92B3-960FAC946E6A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DC31E88-A797-4865-9ADE-9B701C93F80D}" = protocol=1 | dir=out | [email protected],-28544 |
"{2BF1C168-C40A-4C52-8741-017474F13ACD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FC04EE7-F676-4E14-9F16-0581453A5594}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{455E7E7A-D071-4638-AB48-D3E320F0CC5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4822A809-3DB9-47FD-8DA9-AAE902A063DA}" = protocol=58 | dir=in | [email protected],-28545 |
"{6DEAAB20-205A-4556-9A03-8FC99D6EB729}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{722FEFD8-7594-4F91-9A58-8B8B2BAB2358}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BE52EB7-FDCF-4B55-901C-BE731A84B13B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86D4FBA5-9DBD-4518-924D-2CAE47C6B5BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{88D63B4B-FCDA-4C18-9538-DDB9D1E84F04}" = protocol=1 | dir=in | [email protected],-28543 |
"{98979556-6AC7-4A02-A85C-24D35FAE6960}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{99552A2E-FD30-44FC-A128-010D49DB4054}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AD1C0B76-A066-4654-B40B-02A04F04E708}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{C20F6E05-DB06-4BE8-A374-14F645D25EE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C71CF4EE-2C0A-479B-85B9-7E7B54D03451}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9FB2BDE-67FB-4E20-8DF9-522C0B5BD3EC}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{CF4787C3-C974-493F-B540-7AB56C5D3D93}" = protocol=58 | dir=out | [email protected],-28546 |
"{D80AD678-110B-45C1-BFB6-0D66448D13F9}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{E052D242-65C9-467F-909D-B3B10B105023}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{E731CC42-6DC1-4F24-86A6-B5C45F4FEC44}" = protocol=6 | dir=out | app=system |
"{F1097041-D609-4CA2-8237-D5F3727393CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{010813A5-CE68-4C86-96F4-11CAEA3E6292}" = Sound Organizer
"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{4010ADCB-1347-D570-FCF1-3002CABEBD2F}" = Rosetta Stone TOTALe
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}" = Dell Backup and Recovery Manager
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}" = Rosetta Stone Ltd Services
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1FEA5E-8DB8-AD80-5C14-AEF33D16EF5A}" = Rosetta Stone TOTALe
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3D581C8-CDD0-48DF-ADB5-72A6EBF6E1D5}" = Model T Ford Club of America
"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E63A7E64-AD93-47E7-AC5C-BA042AA740CA}" = Dell ControlPoint Connection Manager
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.rosettastone.rosettastonetotale" = Rosetta Stone TOTALe
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"TVWiz" = Intel® TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"Akamai" = Akamai NetSession Interface
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2013 7:33:29 PM | Computer Name = Broc-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 2/23/2013 3:57:38 PM | Computer Name = Broc-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1094 Start
Time: 01ce11d30956718a Termination Time: 140 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 2/25/2013 1:04:20 PM | Computer Name = Broc-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 6e8 Start
Time: 01ce12b97828a353 Termination Time: 800 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 2/26/2013 2:13:43 PM | Computer Name = Broc-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2864 Start
Time: 01ce144cb6242240 Termination Time: 40 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 2908993c-8040-11e2-bb83-a4badbab1624

Error - 2/27/2013 2:53:33 PM | Computer Name = Broc-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2b10 Start
Time: 01ce137a278c983f Termination Time: 6400 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 2/27/2013 3:13:26 PM | Computer Name = Broc-PC | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 2/27/2013 6:05:08 PM | Computer Name = Broc-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 3/4/2013 11:32:50 AM | Computer Name = Broc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16464,
time stamp: 0x50ec971b Faulting module name: Flash32_11_6_602_171.ocx, version: 11.6.602.171,
time stamp: 0x511ee97c Exception code: 0xc0000005 Fault offset: 0x004b1c99 Faulting
process id: 0x2ec4 Faulting application start time: 0x01ce18e833794f5d Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash32_11_6_602_171.ocx
Report
Id: c5238919-84e0-11e2-b9f7-a4badbab1624

Error - 3/4/2013 11:33:25 AM | Computer Name = Broc-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 188c Start
Time: 01ce17954296eb9b Termination Time: 3728 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: cddeb53b-84e0-11e2-b9f7-a4badbab1624

Error - 3/6/2013 11:09:03 AM | Computer Name = Broc-PC | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

[ System Events ]
Error - 5/31/2013 11:36:06 AM | Computer Name = Broc-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/1/2013 4:06:19 AM | Computer Name = Broc-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 6/1/2013 11:32:35 AM | Computer Name = Broc-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/2/2013 11:39:05 AM | Computer Name = Broc-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%109

Error - 6/2/2013 11:39:05 AM | Computer Name = Broc-PC | Source = DCOM | ID = 10005
Description =

Error - 6/6/2013 8:17:47 PM | Computer Name = Broc-PC | Source = DCOM | ID = 10010
Description =

Error - 6/10/2013 10:47:06 AM | Computer Name = Broc-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll
Error
Code: 21

Error - 6/10/2013 11:00:09 AM | Computer Name = Broc-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/10/2013 11:01:26 AM | Computer Name = Broc-PC | Source = Service Control Manager | ID = 7034
Description = The AuthenTec Fingerprint Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/10/2013 11:41:34 AM | Computer Name = Broc-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0


< End of report >


Thanks again!
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi you have an old zero access infection, I do not believe it is active at the moment

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
@Alternate Data Stream - 172 bytes -> C:\Users\Broc\Documents\Capitol One MC Sep Oct #2.bmp:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 172 bytes -> C:\Users\Broc\Documents\Capitol one MC Sep Oct.bmp:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Broc\Documents\davant 2011.tiff:3or4kl4x13tuuug3Byamue2s4b

:Files
C:\$Recycle.Bin\S-1-5-18\$01a0284d4ad263f28b9f6d6ddb2d863c

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Essexboy, thanks for the quick reply.

Here are the logs. Haven't yet rebooted after ComboFix ran but will do that after this post.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
ADS C:\Users\Broc\Documents\Capitol One MC Sep Oct #2.bmp:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
Unable to delete ADS C:\Users\Broc\Documents\Capitol one MC Sep Oct.bmp:3or4kl4x13tuuug3Byamue2s4b .
ADS C:\Users\Broc\Documents\davant 2011.tiff:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== FILES ==========
C:\$Recycle.Bin\S-1-5-18\$01a0284d4ad263f28b9f6d6ddb2d863c\U folder moved successfully.
C:\$Recycle.Bin\S-1-5-18\$01a0284d4ad263f28b9f6d6ddb2d863c\L folder moved successfully.
C:\$Recycle.Bin\S-1-5-18\$01a0284d4ad263f28b9f6d6ddb2d863c folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Broc
->Temp folder emptied: 2868020 bytes
->Temporary Internet Files folder emptied: 14241282 bytes
->Java cache emptied: 58686 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9913279 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 13924960 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7322321 bytes
RecycleBin emptied: 15349 bytes

Total Files Cleaned = 46.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06102013_140918

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


ComboFix 13-06-08.02 - Broc 06/10/2013 14:24:08.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2003.772 [GMT -4:00]
Running from: c:\users\Broc\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\emorhc.pad
c:\users\Broc\AppData\Roaming\EHEncrypt.dll
c:\users\Broc\AppData\Roaming\EHMD5.dll
c:\users\Broc\AppData\Roaming\EHZComp.dll
c:\users\Broc\AppData\Roaming\MBSEncryptPlugin3543.dll
c:\users\Broc\AppData\Roaming\MBSFolderitemsCreatePlugin3542.dll
c:\users\Broc\AppData\Roaming\MBSFolderitemsPlugin3542.dll
c:\users\Broc\AppData\Roaming\MBSIconPlugin3542.dll
c:\users\Broc\AppData\Roaming\MBSMacOSXPlugin3545.dll
c:\users\Broc\AppData\Roaming\MBSMainPlugin3542.dll
c:\users\Broc\AppData\Roaming\MBSMemoryPlugin3542.dll
c:\users\Broc\AppData\Roaming\MBSPictureMacPlugin3552.dll
c:\users\Broc\AppData\Roaming\MBSPicturePlugin3542.dll
c:\users\Broc\AppData\Roaming\MBSProcessPlugin3543.dll
c:\users\Broc\AppData\Roaming\MBSQTImporterPlugin3549.dll
c:\users\Broc\AppData\Roaming\MBSQuickTimePlugin3549.dll
c:\users\Broc\AppData\Roaming\MBSRectPlugin3542.dll
c:\users\Broc\AppData\Roaming\MBSRegistrationPlugin3542.dll
c:\users\Broc\AppData\Roaming\MBSRegistryPlugin3544.dll
c:\users\Broc\AppData\Roaming\MBSResPlugin3542.dll
c:\users\Broc\AppData\Roaming\MBSResStreamPlugin3552.dll
c:\users\Broc\AppData\Roaming\MBSUsernamePlugin3541.dll
c:\users\Broc\AppData\Roaming\MBSVersionPlugin3581.dll
c:\users\Broc\AppData\Roaming\MBSWinPlugin3544.dll
c:\users\Broc\AppData\Roaming\rbap450.dll
c:\users\Broc\AppData\Roaming\rbqt450.DLL
c:\users\Broc\AppData\Roaming\RBShell400.dll
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2013-05-10 to 2013-06-10 )))))))))))))))))))))))))))))))
.
.
2013-06-10 18:38 . 2013-06-10 18:41 -------- d-----w- c:\users\Broc\AppData\Local\temp
2013-06-10 18:38 . 2013-06-10 18:38 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-06-10 18:09 . 2013-06-10 18:09 -------- d-----w- C:\_OTL
2013-06-10 15:12 . 2013-06-10 15:12 -------- d-----w- c:\program files\Common Files\Java
2013-06-10 15:10 . 2013-06-10 15:09 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-29 07:07 . 2013-05-29 07:07 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-15 14:55 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 14:55 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 14:55 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 14:55 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 14:55 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 14:55 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-10 18:40 . 2010-05-24 20:25 0 ----a-w- c:\users\Broc\AppData\Local\WavXMapDrive.bat
2013-06-10 15:09 . 2012-10-16 18:15 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-10 15:09 . 2010-05-24 20:49 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 17:36 . 2010-10-28 11:48 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 17:36 . 2010-10-28 11:48 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 17:36 . 2010-10-28 11:48 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 17:36 . 2010-10-28 11:48 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-05-26 17:26 . 2010-10-28 11:48 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-05-26 17:26 . 2010-10-28 11:48 31560 ----a-w- c:\windows\system32\LMIport.dll.000.bak
2013-05-15 15:11 . 2012-04-22 21:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 15:11 . 2011-05-31 13:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-12 13:45 . 2013-04-23 21:38 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2012-10-16 16:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 05:04 . 2013-04-10 14:01 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:01 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 14:01 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 14:01 69632 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Akamai NetSession Interface"="c:\users\Broc\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2010-03-04 4562944]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-05-11 3478600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-04 29472]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2010-11-19 157024]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207020.003\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207020.003\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [2013-05-31 1002072]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130607.001\IDSvix86.sys [2013-03-13 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [2011-04-21 299640]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2013-06-08 375120]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-05-26 13624]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-03-31 1646056]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 106656]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 00:50 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 15:11]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-22 21:12]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-22 21:12]
.
2013-06-09 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2013-03-28 18:41]
.
2013-06-10 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-28 18:41]
.
2013-06-08 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-28 18:41]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 10.0.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Connect 9 Add-in - c:\users\Broc\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\adobeconnectaddin\adobeconnectaddin.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(4516)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\igfxext.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-06-10 14:47:37 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-10 18:47
.
Pre-Run: 83,681,947,648 bytes free
Post-Run: 83,424,251,904 bytes free
.
- - End Of File - - CEDA7B64AEABC4BEEEFC9908491AF0E9
CDB4DE4BBD714F152979DA2DCBEF57EB


Computer seems to be running well now. IE is behaving much more.

Thanks!
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is looking good .. A final sweep for orphans I feel, although I believe nothing of import will be found :)

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP