Arestocrat [Closed]


  • This topic is locked

#1
Kit_Kat

    New Member

  • Member
  • 5 posts
Hi. I too have a pop up screen that I cannot get rid of. The picture that DailyDose had provided in his/her post is the same image that I have on my screen. I've tried to open task manager but the screen just overrides it. When I try to log off or switch users it says "Arestocrat and an ISS security update is still running." The only way I can seem to run my laptop is when I log in under another user. Only then, the pop up screen does not appear. I'm currently logged onto my laptop under a non admin user. My laptop is currently running under Windows Home Vista. Eventually I would like to install Windows 8 Pro. If someone can help me with this, it would be greatly appreciated. Thank you in advance!
  • 0

#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, Kit_Kat and welcome to GeeksToGo!

You can call me Phel and today I will try to help you with your trouble.

Please read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer becomes really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should be good. ;)

Please note that my answers could come with a slight delay, because they are checked by my teacher.

To start with, I have only one question: Are you able to boot into Safe Mode? (Press and hold the F8 key during computer start.)
  • 0

#3
Kit_Kat

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi. Sorry it took me so long to respond. I was away for 2 wks. I would like to know if you would still be able to help me with my issue. I am not able to connect to this website in safe mode for some reason. I'm currently signed in under a second user who is not admin. Below are the DDS files.
Thanks,
Kat


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 2/8/2011 2:20:32 AM
System Uptime: 7/19/2013 10:35:52 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WP007
Processor: Intel® Pentium® Dual CPU T2370 @ 1.73GHz | Microprocessor | 1733/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 22.847 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.848 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-L632H_______________D400____\5&5C326DA&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp DVD+-RW TS-L632H ATA Device
PNP Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-L632H_______________D400____\5&5C326DA&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.0)
APH placeholder
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Bonjour
CA Anti-Virus Plus
Coby Media Manager
Dell Toolbar
Dell V310-V510 Series
DNAMigrator
Facebook Video Calling 1.2.0.287
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
iCloud
Intel® Graphics Media Accelerator Driver
iTunes
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Juniper Networks Secure Application Manager
Juniper Networks, Inc. Setup Client
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Web Platform Installer 2.0
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
ooVoo
QuickTime
Redist
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Total Defense Internet Security Suite
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vz In Home Agent
Wizard101
WordPerfect Office 2002
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.7.2
Run by Katiuscia at 10:55:54 on 2013-07-19
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1162 [GMT -4:00]
.
AV: Total Defense Anti-Virus Plus *Disabled/Outdated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Disabled/Outdated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Windows\System32\mdmcls32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell V310-V510 Series\dleamon.exe
C:\Program Files\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [Facebook Update] "c:\users\katiuscia\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\users\katiuscia\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DisplaySwitch] "c:\programdata\DisplaySwitch.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dleamon.exe] "c:\program files\dell v310-v510 series\dleamon.exe"
mRun: [EzPrint] "c:\program files\dell v310-v510 series\ezprint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableUIADesktopToggle = dword:0
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://rap.northshorelij.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 167.206.112.138
TCP: Interfaces\{2D481407-F34B-425E-B392-3DD1316E7AFC} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{593FFB46-527B-4F0D-8CB6-8BF1531252F3} : DHCPNameServer = 167.206.112.138
TCP: Interfaces\{B629B0F9-528C-4C6B-81C9-555F4D6EE7AF} : DHCPNameServer = 10.169.170.11 10.170.170.11
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 NEOFLTR_710_19525;Juniper Networks TDI Filter Driver (NEOFLTR_710_19525);c:\windows\system32\drivers\NEOFLTR_710_19525.SYS [2012-2-21 85064]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-7-27 210248]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-7-27 222544]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2011-7-27 207952]
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-8-12 87040]
R2 syshost32;syshost32;"c:\windows\installer\{0da877d9-6a8d-559a-728e-8f23523b1e8c}\syshost.exe" /service --> c:\windows\installer\{0da877d9-6a8d-559a-728e-8f23523b1e8c}\syshost.exe [?]
R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2011-7-27 3207184]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-10-27 170064]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-10-26 83536]
S2 IHA_MessageCenter;IHA_MessageCenter;"c:\program files\verizon\iha_messagecenter\bin\verizon_ihamessagecenter.exe" --> c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [?]
S3 10987;10987;c:\windows\system32\drivers\10987 [2013-5-22 9072]
S3 20740;20740;c:\windows\system32\drivers\20740 [2012-9-30 9072]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-9-6 331344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-07-19 14:54:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 14:54:53 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-25 01:54:39 74752 ----a-w- c:\programdata\DisplaySwitch.exe
2013-05-23 00:48:09 9072 ----a-w- c:\windows\system32\drivers\10987
.
============= FINISH: 10:56:11.28 ===============
  • 0

#4
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

"I would like to know if you would still be able to help me with my issue."

Yep, I'll help you with your issue. Please wait a while, because my fix is checked by my teacher before I post it for you.

"I am not able to connect to this website in safe mode for some reason."

Nice to hear that you are able to enter Safe Mode. If you wish to use the internet, try Safe Mode with Networking.
  • 0

#5
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
By the way, are you able to enter Safe Mode under the Administrator account?
  • 0

#6
Kit_Kat

    New Member

  • Topic Starter
  • Member
  • 5 posts
I tried that, but the issue I am having is signing onto this website. My user name and password do not work. I have it set up for automatic sign-in under my laptop non-admin acct. I also have not received any email alerts from this site to notify me that someone has responded to my posts. I checked both my inbox and spam folders. I have been refreshing this website page from time to time to check for any responses. :(
  • 0

#7
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

"my user name and password do not work."

Maybe you are typing an incorrect password? Try to change it.

"I also have not received any email alerts from this site to notify me"

Try clicking the Stop watching topic button at the top of this thread. After that, click the Watch topic button in the same place and change the notification method to Immediate Notification. To save the settings, click the Proceed button.

Sorry, but what about that?

"By the way, are you able to enter Safe Mode under the Administrator account?"

  • 0

#8
Kit_Kat

    New Member

  • Topic Starter
  • Member
  • 5 posts
I am finally able to log in under safe mode with networking and log onto this website through Google Chrome. Before, I was using Internet Explorer. Not sure why that made a difference, but happy that it worked. I also followed the steps to get notification on when there's a response. Hope it will work now.
It took a very long time for my computer to completely boot in safe mode, about 10 mins. Is that to be expected?
  • 0

#9
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, let's try that in Safe Mode with Networking:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

  • 0

#10
Kit_Kat

    New Member

  • Topic Starter
  • Member
  • 5 posts
OTL logfile created on: 7/19/2013 4:38:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katiuscia\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.45% Memory free
4.21 Gb Paging File | 3.82 Gb Available in Paging File | 90.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 25.08 Gb Free Space | 18.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.85 Gb Free Space | 58.48% Space Free | Partition Type: NTFS

Computer Name: KATIUSCIA-PC | User Name: Katiuscia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/19 16:38:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katiuscia\Downloads\OTL.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/14 21:28:42 | 000,393,168 | ---- | M] () -- C:\Users\Katiuscia\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/14 21:28:40 | 004,051,408 | ---- | M] () -- C:\Users\Katiuscia\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 21:27:48 | 001,597,392 | ---- | M] () -- C:\Users\Katiuscia\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/01/29 22:22:10 | 000,147,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Installer\{0DA877D9-6A8D-559A-728E-8F23523B1E8C}\syshost.exe -- (syshost32)
SRV - [2012/12/14 23:26:56 | 000,060,416 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\fb2ce14d558daf29.sys -- (fb2ce14d558daf29)
SRV - [2012/09/30 19:23:31 | 000,261,200 | ---- | M] (Total Defense, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2012/09/30 19:23:31 | 000,207,952 | ---- | M] (Total Defense, Inc.) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2012/09/30 19:23:27 | 000,210,248 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/07/29 00:01:30 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2011/06/29 14:20:02 | 003,207,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\mdmcls32.exe -- (WinExtManager)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/04 12:42:28 | 000,662,096 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/01 09:13:31 | 000,602,792 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\KmxFilter.sys -- (KmxFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [File Corrupted - Detail Data unreadable] [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2013/05/22 20:48:09 | 000,009,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\10987 -- (10987)
DRV - [2012/12/14 23:26:56 | 000,060,416 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\fb2ce14d558daf29.sys -- (fb2ce14d558daf29)
DRV - [2012/09/30 18:56:03 | 000,009,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\20740 -- (20740)
DRV - [2011/10/27 16:07:50 | 000,170,064 | ---- | M] (Total Defense) [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2011/10/26 12:51:22 | 000,083,536 | ---- | M] (CA) [File_System | System | Stopped] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2011/10/11 05:33:20 | 000,085,064 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_710_19525.SYS -- (NEOFLTR_710_19525)
DRV - [2011/09/06 22:03:36 | 000,331,344 | ---- | M] (CA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/16 11:59:54 | 000,898,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/05/09 21:33:10 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/01/20 22:34:49 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/20 22:34:48 | 000,083,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2008/01/20 22:34:42 | 000,071,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/01/20 22:34:39 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/20 22:34:35 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:34:08 | 000,294,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2008/01/20 22:34:06 | 000,062,464 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/20 22:34:06 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/20 22:34:06 | 000,023,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2008/01/20 22:34:06 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/20 22:33:45 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/20 22:33:45 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/20 22:33:23 | 000,503,864 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008/01/20 22:33:22 | 000,226,816 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008/01/20 22:33:13 | 000,030,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2008/01/20 22:32:53 | 000,035,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/01/20 22:32:52 | 000,134,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo)
DRV - [2008/01/20 22:32:51 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/01/20 22:32:50 | 000,055,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/01/20 22:32:50 | 000,022,072 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:32:48 | 000,034,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/20 22:32:48 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/20 22:32:47 | 000,227,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/01/20 22:32:47 | 000,059,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35)
DRV - [2008/01/20 22:32:47 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV - [2008/01/20 22:32:45 | 000,073,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/01/20 22:32:24 | 000,194,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/01/20 22:32:24 | 000,039,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/01/20 22:32:24 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 22:32:23 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2008/01/20 22:32:22 | 000,060,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV - [2008/01/20 22:32:22 | 000,056,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2008/01/20 22:32:22 | 000,052,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/20 22:32:21 | 000,054,328 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2008/01/20 22:32:21 | 000,041,472 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:32:21 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2007/09/06 12:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 12:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 12:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2006/11/02 04:55:05 | 000,019,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Katiuscia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Katiuscia\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Katiuscia\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox [2012/10/14 18:18:33 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms},
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Katiuscia\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Katiuscia\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Katiuscia\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Katiuscia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Katiuscia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Katiuscia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook = C:\Users\Katiuscia\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google Search = C:\Users\Katiuscia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Calendar = C:\Users\Katiuscia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_1\
CHR - Extension: Total Defense Anti-Phishing Toolbar = C:\Users\Katiuscia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdpkkpdlooddakbebmkeeegehfjdnih\2.0.0.556_0\
CHR - Extension: SaveValet = C:\Users\Katiuscia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.7.13.127_0\
CHR - Extension: SaveValet = C:\Users\Katiuscia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.8.0.137_0\
CHR - Extension: Gmail = C:\Users\Katiuscia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Color Ripple = C:\Users\Katiuscia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkfnpaoielgekpgmiddkokojkgpplkij\1_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Total Defense Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DisplaySwitch] C:\ProgramData\DisplaySwitch.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Katiuscia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: northshorelij.com ([rap] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nslijhs.net ([vtraining] * in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rap.northsho...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.112.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D481407-F34B-425E-B392-3DD1316E7AFC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{593FFB46-527B-4F0D-8CB6-8BF1531252F3}: DhcpNameServer = 167.206.112.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B629B0F9-528C-4C6B-81C9-555F4D6EE7AF}: DhcpNameServer = 10.169.170.11 10.170.170.11
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows.old\Users\Katiuscia\Pictures\collages\collage1.jpg
O24 - Desktop BackupWallPaper: C:\Windows.old\Users\Katiuscia\Pictures\collages\collage1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a9c53584-d0e6-11e0-9eed-001d093f6b37}\Shell\Auto\command - "" = G:\launcher.exe
O33 - MountPoints2\{a9c53584-d0e6-11e0-9eed-001d093f6b37}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/19 12:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/19 12:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/19 12:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/19 12:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/07/19 12:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/07/19 12:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/20 11:33:10 | 000,637,136 | ---- | C] (Coby) -- C:\Users\Katiuscia\AppData\Roaming\Coby Media Manager.exe

========== Files - Modified Within 30 Days ==========

[2013/07/19 16:35:34 | 000,000,680 | ---- | M] () -- C:\Users\Katiuscia\AppData\Local\d3d9caps.dat
[2013/07/19 16:13:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/19 16:04:15 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 16:04:15 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 15:59:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1667441344-2474885962-1242227304-1001UA.job
[2013/07/19 15:49:59 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1667441344-2474885962-1242227304-1000UA.job
[2013/07/19 14:26:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1667441344-2474885962-1242227304-1000UA.job
[2013/07/19 14:26:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1667441344-2474885962-1242227304-1000Core.job
[2013/07/19 12:55:24 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/19 12:47:44 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/19 11:11:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1667441344-2474885962-1242227304-1001Core.job
[2013/07/19 10:52:08 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1667441344-2474885962-1242227304-1000Core.job
[2013/07/19 10:45:34 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD387F08-8F93-42EC-8A94-65D5C4D03C1F}.job
[2013/07/02 12:02:19 | 000,000,000 | ---- | M] () -- C:\Users\Katiuscia\defogger_reenable
[2013/07/02 11:43:06 | 000,002,066 | ---- | M] () -- C:\Users\Katiuscia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/02 11:43:06 | 000,002,064 | ---- | M] () -- C:\Users\Katiuscia\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/07/19 12:55:24 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/19 12:47:44 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/02 12:02:19 | 000,000,000 | ---- | C] () -- C:\Users\Katiuscia\defogger_reenable
[2013/05/24 22:07:11 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/05/24 22:06:52 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/05/24 21:54:41 | 000,074,752 | ---- | C] () -- C:\ProgramData\DisplaySwitch.exe
[2013/04/18 16:09:53 | 000,333,952 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\FlashPlayer_V.74961026a.exe
[2013/01/09 20:44:57 | 000,026,840 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2012/12/14 23:26:56 | 000,060,416 | ---- | C] () -- C:\Windows\System32\drivers\fb2ce14d558daf29.sys
[2012/12/14 23:25:22 | 000,012,166 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/14 23:25:21 | 000,012,166 | -HS- | C] () -- C:\Users\Katiuscia\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/14 23:24:39 | 000,217,280 | -HS- | C] () -- C:\Users\Katiuscia\AppData\Local\qlu.exe
[2012/09/28 11:32:56 | 000,044,544 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys
[2012/08/12 12:02:59 | 000,000,632 | RHS- | C] () -- C:\Users\Katiuscia\ntuser.pol
[2012/02/21 15:16:14 | 000,085,064 | ---- | C] () -- C:\Windows\System32\drivers\NEOFLTR_710_19525.SYS
[2011/09/06 22:03:36 | 000,331,344 | ---- | C] () -- C:\Windows\System32\drivers\KmxCfg.sys
[2011/08/27 21:17:49 | 000,001,014 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\Coby Media Manager.ini
[2011/08/27 21:17:49 | 000,000,078 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\Comet Lite.ini
[2011/08/16 21:51:52 | 000,061,678 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\PFP100JPR.{PB
[2011/08/16 21:51:52 | 000,012,358 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\PFP100JCM.{PB
[2011/07/27 19:31:08 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2011/07/27 19:28:50 | 001,422,672 | ---- | C] () -- C:\Windows\System32\cfgmig32.dll
[2011/07/27 19:27:43 | 002,760,720 | ---- | C] () -- C:\Windows\System32\svcprs32.exe
[2011/07/27 19:27:42 | 004,108,304 | ---- | C] () -- C:\Windows\System32\win32cpr.dll
[2011/07/27 19:27:42 | 003,207,184 | ---- | C] () -- C:\Windows\System32\mdmcls32.exe
[2011/07/27 19:27:42 | 001,744,912 | ---- | C] () -- C:\Windows\System32\winsflt.dll
[2011/07/27 19:27:42 | 000,098,320 | ---- | C] () -- C:\Windows\System32\winsfinst.exe
[2011/07/27 18:57:32 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/27 18:57:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/27 18:44:13 | 000,304,640 | ---- | C] () -- C:\Windows\System32\drivers\srv.sys
[2011/07/27 18:44:09 | 000,146,432 | ---- | C] () -- C:\Windows\System32\drivers\srv2.sys
[2011/07/27 18:44:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\drivers\srvnet.sys
[2011/07/27 18:44:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\bowser.sys
[2011/07/27 18:44:02 | 000,213,504 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011/07/27 18:44:02 | 000,105,984 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb.sys
[2011/07/27 18:44:02 | 000,079,360 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb20.sys
[2011/07/27 18:43:58 | 000,273,408 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/07/27 18:43:48 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/07/27 18:43:46 | 002,042,368 | ---- | C] () -- C:\Windows\System32\win32k.sys
[2011/07/27 18:43:42 | 000,049,152 | ---- | C] () -- C:\Windows\System32\csrsrv.dll
[2011/07/27 18:43:40 | 000,292,864 | ---- | C] () -- C:\Windows\System32\atmfd.dll
[2011/02/08 05:22:46 | 000,030,720 | ---- | C] () -- C:\Users\Katiuscia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/08 03:29:38 | 000,000,680 | ---- | C] () -- C:\Users\Katiuscia\AppData\Local\d3d9caps.dat
[2010/07/20 11:30:58 | 007,579,648 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\encoder.exe
[2010/07/20 11:30:58 | 001,015,808 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\dd-imgtools.dll
[2010/07/20 11:30:58 | 000,311,296 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\dd-mtplib.dll
[2010/07/20 11:30:58 | 000,118,784 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\dd-fsinfo.dll
[2010/07/20 11:30:58 | 000,098,304 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\dd-fwact.dll
[2010/07/20 11:30:58 | 000,094,208 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\akrip.dll
[2010/07/20 11:30:58 | 000,089,088 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\dd-utils.dll
[2010/07/20 11:30:58 | 000,081,920 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\dd-fwsig.dll
[2010/07/20 11:30:54 | 002,879,589 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\dd-rsc.jar
[2010/07/20 11:30:42 | 002,357,691 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\digdash.jar
[2010/07/20 11:30:06 | 000,005,194 | ---- | C] () -- C:\Users\Katiuscia\AppData\Roaming\bootloader.jar

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 22:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/27 22:22:57 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\Coby Media Manager
[2011/06/26 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\FrostWire
[2011/10/06 23:06:12 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\HTC
[2011/03/29 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/08/27 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\jre
[2011/07/27 22:52:46 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\Juniper Networks
[2011/08/27 21:16:02 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\lib
[2011/08/27 21:16:04 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\licenses
[2011/02/09 00:49:37 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\ooVoo Details
[2012/07/06 13:45:42 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\OpenCandy
[2011/08/27 21:16:00 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\resources
[2012/03/02 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\TechWizard
[2011/08/01 21:21:26 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\Teleca
[2012/07/25 20:06:47 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\tempupdate

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 7/19/2013 4:38:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katiuscia\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.45% Memory free
4.21 Gb Paging File | 3.82 Gb Available in Paging File | 90.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 25.08 Gb Free Space | 18.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.85 Gb Free Space | 58.48% Space Free | Partition Type: NTFS

Computer Name: KATIUSCIA-PC | User Name: Katiuscia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C510A6-5E5D-4CB4-89D4-BCFAEF8C27DF}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{226AA4F7-8A9E-4C60-A5E1-F8EAEB4F12DE}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{2684697A-FF3A-4348-83A8-06C9114E3025}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A826CB0-7B91-4532-9AF0-BBA69EC23557}" = rport=138 | protocol=17 | dir=out | app=system |
"{36CC41F9-62E1-4458-847C-0FF400C535EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{570CC6DF-7D45-4EE5-941C-DBB3CB8B3A18}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{5BC31697-30CD-4631-B057-79CBC341AA0B}" = rport=137 | protocol=17 | dir=out | app=system |
"{6EDDEC27-CE73-4D65-BF7A-9D9E9059620A}" = lport=138 | protocol=17 | dir=in | app=system |
"{76DC9405-F32C-4D60-ABE0-B03A6B30AC6E}" = lport=445 | protocol=6 | dir=in | app=system |
"{817D2FED-F791-4E3F-83A8-4967AE53FE7A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{848E25D8-B203-43C3-82A3-548A60011BC5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9002F72C-1F9E-48A8-8608-83410AC930E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A121D953-7E00-48EA-B81A-5AD12B1D2E1F}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5A8067A-8595-4BE5-975F-624C46609B2B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C07F0609-8431-453C-AA1D-4367C1217160}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C5986258-8E1F-4134-81F9-F993A8C78FA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C751324C-7011-4C10-901D-15F38646B4D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0EEBA65-5183-4609-A167-3FC168EC2206}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{D3CD90CD-A09D-49A9-8A2F-2AF51F002F4B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1C279EE-B8AC-4594-9005-02102A0334EC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E75F3534-E2F0-42B0-AE7E-6D86CD780C5E}" = rport=445 | protocol=6 | dir=out | app=system |
"{E8E6A505-A73B-41C2-8BF0-088F29708390}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6BA6EF5-F2D3-44B3-A3DF-126090DA1B33}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A3A9652-5778-48BD-9ABD-D755FB8C3FA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2AC9268E-A43A-4DC3-AFF1-7C418A5D4BDD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{35EA9916-C9F2-4C6F-BA92-D62B884BC4D9}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{37B89441-9FAB-43A9-A6C1-5CFCA102AEA1}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{3DB43220-E71A-49AA-B830-00353B5B1CCE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{46B4E96D-BA86-4695-8ABB-E76E06D2FD0C}" = protocol=58 | dir=out | [email protected],-28546 |
"{48D2DC44-9AAF-4656-AA80-ED2767236330}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{48E10683-62C5-4E42-9747-B7C805CD001B}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{4C8243EE-3BF6-4E3C-BFBA-AAB2908F96DB}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{4E9D1A8A-6FC5-4A52-9F50-1E8AEFDFDEC0}" = dir=in | app=c:\users\katiuscia\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{51BDCBE1-2236-4F18-B04E-BCDB4D2C3808}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{62D3AE4D-F8BE-4A56-AE69-48127041CA85}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{638A9FC7-05B1-4012-8234-72B19701C84B}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{74CCBC32-74D2-4993-998D-0D33764BFD5F}" = dir=in | name=core networking - system ip core |
"{7690AA65-B7F0-423B-9DCC-4FF8D040EFB0}" = protocol=1 | dir=in | [email protected],-28543 |
"{9DC01399-BF25-43A9-9D36-522C161DB624}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EE5CEDF-9910-4886-BD9A-4DC9A8B6C4B0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A26EAFA3-9A88-48EC-BED0-C94053E77F00}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A3FFF2A5-B797-44F9-85BE-43CEDDD0231B}" = protocol=1 | dir=out | [email protected],-28544 |
"{B24776B8-34BB-429C-BDBA-96E2A539175D}" = dir=out | name=core networking - system ip core |
"{ED4C8D9D-44C6-4610-93D3-D53972C1CD47}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{F9B1E738-CB33-4815-940B-BA2E649CAF2D}" = protocol=58 | dir=in | [email protected],-28545 |
"{FE9BB79B-874E-4A07-8CE3-86A7ECE322BF}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"TCP Query User{A5D1FF4B-D30F-4BD5-B80E-BEE4520C54E0}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{CAAD59CC-BBE5-4FF7-B906-7CD8F6D1F520}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1F01F850-02FB-4F7F-833B-63FADC173429}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4DD22314-30AD-4516-AE73-FCB305BF34F6}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{5A05B328-35EB-4CED-B16F-62FA5A2642E6}" =
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{9A4F58EC-AA61-4382-81B3-80971396F851}" = Coby Media Manager
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CAAPH2" = APH placeholder
"Dell V310-V510 Series" = Dell V310-V510 Series
"eTrust Suite Personal" = Total Defense Internet Security Suite
"HDMI" = Intel® Graphics Media Accelerator Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"WordPerfect Office 2002" = WordPerfect Office 2002

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2013 1:13:43 PM | Computer Name = Katiuscia-PC | Source = ESENT | ID = 455
Description = Windows (824) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 7/19/2013 1:13:43 PM | Computer Name = Katiuscia-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 7/19/2013 1:13:43 PM | Computer Name = Katiuscia-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 7/19/2013 1:50:41 PM | Computer Name = Katiuscia-PC | Source = ESENT | ID = 489
Description = Windows (484) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 7/19/2013 1:50:41 PM | Computer Name = Katiuscia-PC | Source = ESENT | ID = 455
Description = Windows (484) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 7/19/2013 1:50:51 PM | Computer Name = Katiuscia-PC | Source = ESENT | ID = 489
Description = Windows (484) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 7/19/2013 1:50:51 PM | Computer Name = Katiuscia-PC | Source = ESENT | ID = 455
Description = Windows (484) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 7/19/2013 1:50:51 PM | Computer Name = Katiuscia-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 7/19/2013 1:50:51 PM | Computer Name = Katiuscia-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 7/19/2013 4:14:29 PM | Computer Name = Katiuscia-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 10/22/2011 10:19:06 PM | Computer Name = Katiuscia-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 10/22/2011 10:19:06 PM | Computer Name = Katiuscia-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 10/22/2011 10:19:10 PM | Computer Name = Katiuscia-PC | Source = HTTP | ID = 15016
Description =

Error - 10/22/2011 10:20:04 PM | Computer Name = Katiuscia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/22/2011 10:20:04 PM | Computer Name = Katiuscia-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/23/2011 2:39:12 AM | Computer Name = Katiuscia-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 10/23/2011 2:39:12 AM | Computer Name = Katiuscia-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 10/24/2011 7:23:11 PM | Computer Name = Katiuscia-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 10/24/2011 7:23:11 PM | Computer Name = Katiuscia-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 10/24/2011 7:23:18 PM | Computer Name = Katiuscia-PC | Source = HTTP | ID = 15016
Description =


< End of report >
  • 0

#11
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Boot your computer in Safe Mode.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2013/01/29 22:22:10 | 000,147,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Installer\{0DA877D9-6A8D-559A-728E-8F23523B1E8C}\syshost.exe -- (syshost32)
    SRV - [2012/12/14 23:26:56 | 000,060,416 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\fb2ce14d558daf29.sys -- (fb2ce14d558daf29)
    DRV - [2013/05/22 20:48:09 | 000,009,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\10987 -- (10987)
    DRV - [2012/12/14 23:26:56 | 000,060,416 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\fb2ce14d558daf29.sys -- (fb2ce14d558daf29)
    DRV - [2012/09/30 18:56:03 | 000,009,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\20740 -- (20740)
    O4 - HKCU..\Run: [DisplaySwitch] C:\ProgramData\DisplaySwitch.exe ()
    [2012/12/14 23:25:22 | 000,012,166 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
    [2012/12/14 23:25:21 | 000,012,166 | -HS- | C] () -- C:\Users\Katiuscia\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
    [2012/12/14 23:24:39 | 000,217,280 | -HS- | C] () -- C:\Users\Katiuscia\AppData\Local\qlu.exe
    [2012/07/25 20:06:47 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\tempupdate
    [2012/07/06 13:45:42 | 000,000,000 | ---D | M] -- C:\Users\Katiuscia\AppData\Roaming\OpenCandy
    
    :Files
    C:\Windows\Installer\{0DA877D9-6A8D-559A-728E-8F23523B1E8C}
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC in Normal mode when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
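A triage sketch for the SRV/DRV lines in the fix above, added here as an example; it is not part of Phel's post and not OTL's own code. It parses the line layout visible in the log and flags entries on four heuristics assumed for this example (empty company field, `Unknown (-1)` state, an .exe directly inside a `Windows\Installer\{GUID}` folder, a driver file without an extension); the thread does not state the helper's actual criteria, and the last sample line is constructed.

```python
import ntpath
import re

# Layout seen in the log: TAG - [file meta] (company) [state] -- path -- (name)
LINE_RE = re.compile(
    r"^(?P<tag>SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
# An .exe sitting directly inside C:\Windows\Installer\{GUID}\
INSTALLER_EXE_RE = re.compile(
    r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\[^\\]+\.exe$", re.IGNORECASE
)

# First three lines come from the fix script in the thread; the last is constructed.
SAMPLE = r"""
SRV - [2013/01/29 22:22:10 | 000,147,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Installer\{0DA877D9-6A8D-559A-728E-8F23523B1E8C}\syshost.exe -- (syshost32)
DRV - [2013/05/22 20:48:09 | 000,009,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\10987 -- (10987)
DRV - [2012/12/14 23:26:56 | 000,060,416 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\fb2ce14d558daf29.sys -- (fb2ce14d558daf29)
SRV - [2012/01/01 10:00:00 | 000,100,000 | ---- | M] (Example Vendor Inc.) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
""".strip().splitlines()


def triage(lines):
    """Return {service_or_driver_name: [reason codes]} for flagged entries."""
    flagged = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an SRV/DRV line (file entries, section headers, ...)
        reasons = []
        if not m["company"].strip():
            reasons.append("no-company")
        if "Unknown (-1)" in m["state"]:
            reasons.append("unknown-state")
        if INSTALLER_EXE_RE.search(m["path"]):
            reasons.append("installer-guid-exe")
        if m["tag"] == "DRV" and not ntpath.splitext(m["path"])[1]:
            reasons.append("no-extension")
        if reasons:
            flagged[m["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag marks an entry for a closer look, not a verdict; legitimate drivers can also lack a company string.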

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





