Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RegSvr32 Error Msg - Module Failed To Load [Closed] [Solved]


  • This topic is locked This topic is locked

#1
angiekae68

angiekae68

    Member

  • Member
  • PipPip
  • 25 posts
Hello :) I am working on a friend's computer running Windows 7 Home Premium. It was in sad shape. Removed numerous trojans and other malware, toolbars, adware, etc. Everything seems to work fine now, but I keep getting this error message when I boot up:

"The module 'C:/Users/langford/AppData/Local/M.../powdayrg.dll' failed to load. Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files. The specified module could not be found."

Any ideas what to do?

Thanks for all help! :)

Here are the results from the OTL scan (Let me know if you need the text from the "Extras" text, also.)

OTL logfile created on: 8/2/2013 1:59:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\langford\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 61.42% Memory free
7.90 Gb Paging File | 6.05 Gb Available in Paging File | 76.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 235.91 Gb Free Space | 83.37% Space Free | Partition Type: NTFS

Computer Name: LANGFORD-PC | User Name: langford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/02 01:57:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\langford\Desktop\OTL.exe
PRC - [2013/08/01 20:21:09 | 002,285,232 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/08/01 20:21:09 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013/08/01 20:21:09 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/12/11 05:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 01:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 15:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/02/01 16:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/01 20:21:09 | 002,285,232 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/08/01 20:21:09 | 000,521,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
MOD - [2013/08/01 20:21:09 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
MOD - [2013/07/24 19:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 19:49:45 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/24 19:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 19:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 19:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 19:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/01 20:35:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/01 20:21:09 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2012/11/16 01:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 15:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 16:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/28 05:33:14 | 000,821,664 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2010/01/10 00:18:00 | 000,149,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/12/03 01:23:38 | 000,209,768 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/03 01:23:32 | 000,483,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/01 20:21:09 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/11/16 01:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 15:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 05:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 05:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 05:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 05:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 05:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/04 23:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 20:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/09 14:29:08 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/03 01:23:38 | 000,022,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/03 01:23:34 | 000,025,960 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/03 01:23:32 | 000,269,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/03 01:23:26 | 000,721,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 18:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {979A2E00-A291-4B57-8EF3-4B792024E63D}
IE:64bit: - HKLM\..\SearchScopes\{979A2E00-A291-4B57-8EF3-4B792024E63D}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...F-00266CEFE064}
IE - HKLM\..\SearchScopes,DefaultScope = {6BD43BBC-791D-4356-A30D-097A0A473EEA}
IE - HKLM\..\SearchScopes\{979A2E00-A291-4B57-8EF3-4B792024E63D}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{163E7243-2DE3-402E-88A5-0C72673657C4}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{6BD43BBC-791D-4356-A30D-097A0A473EEA}: "URL" = http://search.condui...3362614686&UM=2
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....pr&d=2013-07-07 14:54:38&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{979A2E00-A291-4B57-8EF3-4B792024E63D}: "URL" = http://www.google.co...1I7TSNP_enUS485
IE - HKCU\..\SearchScopes\{B011BF70-68CF-4F51-BA4F-03F68BC52019}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11 [2013/06/29 23:33:47 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://start.toshiba.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\langford\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live-? Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\langford\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\langford\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

O1 HOSTS File: ([2013/08/01 19:39:14 | 000,449,438 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15429 more lines...
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No CLSID value found.
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Microsoft] C:\windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msztst16] C:\Users\langford\AppData\Roaming\msztst16\msztst16.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF27DDF6-72E8-4E01-B94A-27D2992432DD}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/02 01:57:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\langford\Desktop\OTL.exe
[2013/08/01 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/08/01 20:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/08/01 19:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/08/01 19:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/08/01 19:33:46 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013/08/01 19:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/08/01 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\langford\AppData\Roaming\Malwarebytes
[2013/08/01 17:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/01 17:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/01 17:39:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/08/01 17:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/01 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\langford\Desktop\Angie's Programs To Scan Laptop With (Please do not delete)
[2013/07/07 17:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/07/07 16:56:15 | 000,000,000 | ---D | C] -- C:\Users\langford\AppData\Roaming\AVG2013
[2013/07/07 16:54:52 | 000,000,000 | ---D | C] -- C:\Users\langford\AppData\Roaming\TuneUp Software
[2013/07/07 16:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/07/07 16:53:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/07/07 16:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/07/07 16:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/07/07 16:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/07 16:48:25 | 000,000,000 | ---D | C] -- C:\Users\langford\AppData\Local\MFAData
[2013/07/07 16:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/07/07 16:48:25 | 000,000,000 | ---D | C] -- C:\Users\langford\AppData\Local\Avg2013
[2013/07/07 16:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/07/07 16:48:15 | 000,000,000 | ---D | C] -- C:\Users\langford\AppData\Local\CRE
[2013/07/07 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\langford\AppData\Roaming\DefaultTab
[2013/07/07 16:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/07/07 11:13:30 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/07/05 22:01:09 | 000,000,000 | ---D | C] -- C:\Users\langford\AppData\Roaming\msztst16
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/02 02:01:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/02 01:58:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/02 01:57:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\langford\Desktop\OTL.exe
[2013/08/02 01:51:26 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 01:51:26 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 01:44:14 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/02 01:44:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/02 01:43:59 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/01 22:22:52 | 004,109,584 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/01 22:22:52 | 001,320,838 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/01 22:22:52 | 000,005,372 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/01 22:15:28 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/08/01 20:21:09 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/08/01 20:16:21 | 000,036,830 | ---- | M] () -- C:\Users\langford\Documents\cc_20130801_201614.reg
[2013/08/01 20:06:54 | 000,000,143 | ---- | M] () -- C:\windows\wininit.ini
[2013/08/01 19:39:14 | 000,449,438 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/08/01 19:34:00 | 000,000,656 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/08/01 19:34:00 | 000,000,628 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/08/01 19:34:00 | 000,000,458 | ---- | M] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/07/07 16:48:16 | 000,000,258 | RHS- | M] () -- C:\Users\langford\ntuser.pol
[2013/07/07 16:12:33 | 000,000,000 | ---- | M] () -- C:\Users\langford\msconfig.exe
[2013/07/07 16:12:32 | 000,000,000 | ---- | M] () -- C:\Users\langford\opera.exe
[2013/07/07 16:12:32 | 000,000,000 | ---- | M] () -- C:\Users\langford\jucheck.exe
[2013/07/07 16:12:31 | 000,000,000 | ---- | M] () -- C:\Users\langford\chrome.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/01 20:23:14 | 000,275,712 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/08/01 20:16:18 | 000,036,830 | ---- | C] () -- C:\Users\langford\Documents\cc_20130801_201614.reg
[2013/08/01 20:06:54 | 000,000,143 | ---- | C] () -- C:\windows\wininit.ini
[2013/08/01 19:34:00 | 000,000,656 | ---- | C] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/08/01 19:34:00 | 000,000,628 | ---- | C] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/08/01 19:34:00 | 000,000,458 | ---- | C] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/08/01 19:33:50 | 000,001,402 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/07/07 16:48:16 | 000,000,258 | RHS- | C] () -- C:\Users\langford\ntuser.pol
[2013/07/07 16:12:33 | 000,000,000 | ---- | C] () -- C:\Users\langford\msconfig.exe
[2013/07/07 16:12:32 | 000,000,000 | ---- | C] () -- C:\Users\langford\opera.exe
[2013/07/07 16:12:32 | 000,000,000 | ---- | C] () -- C:\Users\langford\jucheck.exe
[2013/07/07 16:12:31 | 000,000,000 | ---- | C] () -- C:\Users\langford\chrome.exe
[2013/02/09 13:56:13 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/07 08:37:27 | 009,112,168 | ---- | C] () -- C:\windows\SysWow64\RtsUStoricon.dll
[2012/01/07 08:33:52 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\langford\AppData\Local\Temp\sqfowbs\sbtqrrj\wow64.dll

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/01 00:25:18 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\Atari
[2013/07/07 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\AVG2013
[2012/03/15 21:33:43 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\Awem
[2013/06/07 01:27:18 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\Book Place
[2013/07/07 16:48:13 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\DefaultTab
[2013/07/05 22:01:09 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\msztst16
[2012/07/03 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\PCCUStubInstaller
[2012/03/01 01:55:40 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\Tific
[2012/02/29 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\Toshiba
[2013/02/10 12:34:32 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\TP
[2013/07/07 16:54:52 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\TuneUp Software
[2012/02/29 21:28:51 | 000,000,000 | ---D | M] -- C:\Users\langford\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Hi angiekae68 and welcome at GeekstoGo!

I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

Fight against malware is NOT instantaneous, most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

Note:
  • Please watch this topic.
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous.
  • You must reply within 3 days or your topic will be closed

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

Step 1:
Run again OTL. Hit None button and copy and paste this into the Custom Scans/Fixes box, and hit Run Scan:

regsvr32.exe /md5

Post the log that launches along with the fix log.

Step 2:
Find Extras.txt on your desktop and post the content.
  • 0

#3
angiekae68

angiekae68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Okay, thank you :) I'll do that now.
  • 0

#4
angiekae68

angiekae68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Okay, I did as you asked, but I don't see a "Fix" text. Am I suppose to click "Run Fix" after the scan completed?

Here is the new OTL text:

OTL logfile created on: 8/2/2013 2:42:31 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\langford\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.08% Memory free
7.90 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 238.92 Gb Free Space | 84.44% Space Free | Partition Type: NTFS

Computer Name: LANGFORD-PC | User Name: langford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< regsvr32.exe /md5 >

< End of report >


And here is the "Extras" text that was on my desktop from before:


OTL Extras logfile created on: 8/2/2013 1:59:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\langford\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 61.42% Memory free
7.90 Gb Paging File | 6.05 Gb Available in Paging File | 76.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 235.91 Gb Free Space | 83.37% Space Free | Partition Type: NTFS

Computer Name: LANGFORD-PC | User Name: langford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000D7A3B-D750-401B-ABCE-EB1DCC9E8E52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{054E7229-5199-44F5-9F4F-7A0726360B55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{18EB6515-75DC-4598-B189-55053CB1516D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D25D7F2-E20C-43ED-B909-DCDE91FB1661}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1DA4C7A8-B72D-4AD6-BB7C-D738E37CDA9E}" = lport=137 | protocol=17 | dir=in | app=system |
"{26BA814C-25EB-4461-BACF-3C6556693A14}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49568992-E9B5-4354-913C-86FB441283DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F8C5098-3E4A-4BD5-8CF0-C60A6F07A67F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5969E8D1-9765-4196-9623-B6AC05C6637B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{729F9253-55BF-4996-A563-05D91394689E}" = lport=138 | protocol=17 | dir=in | app=system |
"{73A78E6E-D34E-4891-93C1-7E1AB2FCB2BC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79A2A64F-CF4C-4A6C-A2A4-560674F9BB36}" = lport=445 | protocol=6 | dir=in | app=system |
"{7C4DF72E-902B-44F3-9EE5-E3747CFD9675}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{848BAD68-11E5-45E9-B2B1-5957DBF86E87}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{907D260C-DBF2-44EC-BCB9-34A254FBF1ED}" = rport=445 | protocol=6 | dir=out | app=system |
"{9C6FBEDA-7590-4052-B544-ED0C2AB3038A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B71647AC-B7B6-4000-8660-BE6DB3EB97F2}" = lport=139 | protocol=6 | dir=in | app=system |
"{C972D30F-062A-4C0D-A238-2754A8AE6B77}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CA72175B-00F4-4D4D-BA07-C2A06B09AA5F}" = rport=139 | protocol=6 | dir=out | app=system |
"{D11D3945-965B-4B2C-B094-5E95AF990091}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D4AD8482-1356-4C38-BF4D-391D7BF638BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{E7271E56-7460-4301-8CE0-05A224E8292B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5E4E009-36C4-4778-BC67-754EF11AFC3D}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD28100-31E9-4538-B4F6-45605B7C333C}" = protocol=1 | dir=in | [email protected],-28543 |
"{0EE372C8-3B85-44D2-A811-E7B47CFA693D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F60EFF4-EFD8-4BC4-B6DD-B7B0A8D45E98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24C77CDC-232D-4D16-B6C0-C08E125F7839}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{258001C0-DB0D-4D48-A665-8402C5DBC31B}" = protocol=6 | dir=out | app=system |
"{2BE35356-A3A1-47BC-BF71-D7A4472A4A7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5655F1EC-9978-4F41-8AD0-59F885D22A6A}" = protocol=58 | dir=out | [email protected],-28546 |
"{5C410DED-EE02-4E47-A358-A7FA13C1DFB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AC74B7B-70A2-4A97-8992-FAF732711A36}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6E0A88F2-E786-40F8-B485-EE45C543DC85}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{771CC728-B1DA-4545-A5B5-E428C8B9E49F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{7801A2C7-0975-4367-ADC3-E1C837CDB92C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{81D30E0C-AE10-4E27-8E6C-735450B50A7A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{84941543-0F2E-406F-AF58-1D1B42A8CA6B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A02ECD69-71CD-44BF-8829-EE0CEA77E36D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A4C01FE1-C445-4227-BCDB-E433A4D908DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6FB2119-EFFF-4CC3-96F9-FD3A72442365}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A82CF133-02DC-4F5C-A465-FB2749941617}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AEF02960-F9B8-4147-B28B-1F82B8DBA5E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AF7A12E5-2F3F-4899-A670-BA269129EE5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8CB0032-4F36-456D-952C-09A44D9A80E0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{BA8B5BEF-06E8-4D7B-B384-1055DE15627D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{D1971578-BC8E-4A81-8F59-8C89D0238898}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2C4AD58-909A-49EA-94B3-250F220CA858}" = protocol=1 | dir=out | [email protected],-28544 |
"{E593AD1C-5880-4F46-BF78-8A1203DCB383}" = protocol=58 | dir=in | [email protected],-28545 |
"{E79C1844-AE35-4099-9C5D-C346B827128F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB8FB141-4870-49EF-8A4C-D22237CAB4BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{EF643A09-3FBB-4019-9902-094D80848B95}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FCA5F6EA-3EF5-4F97-BE25-44D6AF25DDA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFA50E2B-C9A5-4049-9D94-136E5DEB90BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4A112B1F-AA7D-41B8-A329-5E9564B5DAC2}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |
"UDP Query User{4A202313-665D-452E-B286-27EA0C7EC006}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57B82DB4-8A01-4F7B-987C-9A46CEC4303A}" = AVG 2013
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"AVG" = AVG 2013
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DefaultTab" = DefaultTab
"DMUninstaller" = DMUninstaller
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NortonPCCheckup" = Toshiba Laptop Checkup
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-02ffa46c-41cb-4703-8b15-1e0f748e41b4" = FATE - The Traitor Soul
"WTA-1a44fd0c-3c74-4204-94ed-6ab745b46100" = RollerCoaster Tycoon 3: Platinum
"WTA-1b0e9d86-7837-4040-86b7-e55949b5fb2a" = Plants vs. Zombies - Game of the Year
"WTA-3331a70c-3d20-479b-bfe7-34e1f24ed91a" = Letters from Nowhere 2
"WTA-3d8f6b46-ee41-4278-91fe-d0d74481e9e7" = Zuma's Revenge
"WTA-6b950000-43b7-4782-85cb-6d2c73025a57" = Bejeweled 3
"WTA-792b66d9-075a-43b2-ba5f-0f6e1a7f0ac4" = Tales of Lagoona
"WTA-d72504fd-158d-403d-ac25-7a57f51b9e63" = Penguins!
"WTA-f65f3d08-b1d3-4bae-8009-d68860c7813a" = Polar Bowler

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Applet" = Applet

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2013 7:55:13 PM | Computer Name = langford-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 6/20/2013 7:56:25 PM | Computer Name = langford-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/20/2013 8:45:15 PM | Computer Name = langford-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/21/2013 9:36:43 PM | Computer Name = langford-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 6/21/2013 9:37:55 PM | Computer Name = langford-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/21/2013 9:41:54 PM | Computer Name = langford-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 6/21/2013 9:41:54 PM | Computer Name = langford-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 6/21/2013 11:39:49 PM | Computer Name = langford-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 6/21/2013 11:39:49 PM | Computer Name = langford-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 6/21/2013 11:49:28 PM | Computer Name = langford-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 7/4/2013 8:14:00 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7001
Description = The Application Virtualization Client service depends on the Sftfs
service which failed to start because of the following error: %%1068

Error - 7/4/2013 8:14:00 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7000
Description = The Sftplay service failed to start due to the following error: %%193

Error - 7/4/2013 8:14:00 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7000
Description = The Application Virtualization Service Agent service failed to start
due to the following error: %%216

Error - 7/4/2013 8:14:11 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1068

Error - 7/5/2013 10:54:19 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7000
Description = The Sftvol service failed to start due to the following error: %%193

Error - 7/5/2013 10:54:27 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7001
Description = The Sftfs service depends on the Sftvol service which failed to start
because of the following error: %%193

Error - 7/5/2013 10:54:27 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7001
Description = The Application Virtualization Client service depends on the Sftfs
service which failed to start because of the following error: %%1068

Error - 7/5/2013 10:54:27 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7000
Description = The Sftplay service failed to start due to the following error: %%193

Error - 7/5/2013 10:54:27 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7000
Description = The Application Virtualization Service Agent service failed to start
due to the following error: %%216

Error - 7/5/2013 10:54:38 PM | Computer Name = langford-PC | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1068


< End of report >
  • 1

#5
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Sorry, I made mistake on custom scan.

Step 1:
Run again OTL. Hit None button and copy and paste this into the Custom Scans/Fixes box, and hit Run Scan:

/md5start
regsvr32.exe
/md5stop

Post the log that launches
  • 0

#6
angiekae68

angiekae68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
No problem :) Doing that now.
  • 0

#7
angiekae68

angiekae68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Okay, did as you asked. Here is the newest OTL text:

OTL logfile created on: 8/2/2013 3:26:20 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\langford\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 56.50% Memory free
7.90 Gb Paging File | 5.93 Gb Available in Paging File | 75.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 238.93 Gb Free Space | 84.44% Space Free | Partition Type: NTFS

Computer Name: LANGFORD-PC | User Name: langford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: REGSVR32.EXE >
[2009/07/13 20:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=432BE6CF7311062633459EEF6B242FB5 -- C:\Windows\SysWOW64\regsvr32.exe
[2009/07/13 20:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=432BE6CF7311062633459EEF6B242FB5 -- C:\Windows\winsxs\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.1.7600.16385_none_782d737490d72da3\regsvr32.exe
[2009/07/13 20:39:29 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=59BCE9F07985F8A4204F4D6554CFF708 -- C:\windows\SysNative\regsvr32.exe
[2009/07/13 20:39:29 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=59BCE9F07985F8A4204F4D6554CFF708 -- C:\Windows\winsxs\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_6.1.7600.16385_none_d44c0ef849349ed9\regsvr32.exe

< End of report >
  • 0

#8
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Am I suppose to click "Run Fix" after the scan completed?

Now it's time to fixing. System looks like there was infection. Tidy time.
Step 1:
OTL fix:
Please copy following script:

:commands
[createrestorepoint]

:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {979A2E00-A291-4B57-8EF3-4B792024E63D}
IE:64bit: - HKLM\..\SearchScopes\{979A2E00-A291-4B57-8EF3-4B792024E63D}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...F-00266CEFE064}
IE - HKLM\..\SearchScopes,DefaultScope = {6BD43BBC-791D-4356-A30D-097A0A473EEA}
IE - HKLM\..\SearchScopes\{979A2E00-A291-4B57-8EF3-4B792024E63D}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{163E7243-2DE3-402E-88A5-0C72673657C4}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{6BD43BBC-791D-4356-A30D-097A0A473EEA}: "URL" = http://search.condui...3362614686&UM=2
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [msztst16] C:\Users\langford\AppData\Roaming\msztst16\msztst16.dll ()
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
[2013/07/07 16:12:33 | 000,000,000 | ---- | M] () -- C:\Users\langford\msconfig.exe
[2013/07/07 16:12:32 | 000,000,000 | ---- | M] () -- C:\Users\langford\jucheck.exe
[2013/07/07 16:12:31 | 000,000,000 | ---- | C] () -- C:\Users\langford\chrome.exe
[2013/07/07 16:12:32 | 000,000,000 | ---- | C] () -- C:\Users\langford\opera.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft"=-
[-HKEY_CURRENT_USER\Software\Wow6432Node\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_CURRENT_USER\Software\Wow6432Node\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
""="C:\Windows\SysNative\wbem\fastprox.dll"

:files
C:\Users\langford\AppData\Roaming\msztst16
C:\Program Files (x86)\Conduit
C:\Users\langford\AppData\Local\Temp\sqfowbs

:commands
[emptytemp]


Run OTL, under Custom Scan/Fixes paste it. Close all windows without OTL and hit Run Fix button. Please agreed for restart. After computer starts, OTL will display removing log, please post it.

Step 2:
Download AdwCleaner to your desktop.
  • run AdwCleaner and select Scan
  • when it has finished a log will be showed, please copy content and post in next replay

Step 3:
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next post I want to see:
  • OTL fixing log
  • AdwCleaner log
  • FSS log

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#10
angiekae68

angiekae68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Okay, I did as you said. Here are the 3 logs you asked for:

OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{979A2E00-A291-4B57-8EF3-4B792024E63D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{979A2E00-A291-4B57-8EF3-4B792024E63D}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{979A2E00-A291-4B57-8EF3-4B792024E63D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{979A2E00-A291-4B57-8EF3-4B792024E63D}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{163E7243-2DE3-402E-88A5-0C72673657C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{163E7243-2DE3-402E-88A5-0C72673657C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BD43BBC-791D-4356-A30D-097A0A473EEA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BD43BBC-791D-4356-A30D-097A0A473EEA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msztst16 deleted successfully.
C:\Users\langford\AppData\Roaming\msztst16\msztst16.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
C:\Users\langford\msconfig.exe moved successfully.
C:\Users\langford\jucheck.exe moved successfully.
C:\Users\langford\chrome.exe moved successfully.
C:\Users\langford\opera.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Wow6432Node\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32\ not found.
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32\\""|"C:\Windows\SysNative\wbem\fastprox.dll" /E : value set successfully!
========== FILES ==========
C:\Users\langford\AppData\Roaming\msztst16 folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
Folder move failed. C:\Users\langford\AppData\Local\Temp\sqfowbs scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: langford
->Temp folder emptied: 118673625 bytes
->Temporary Internet Files folder emptied: 242296 bytes
->Java cache emptied: 161751 bytes
->Google Chrome cache emptied: 12426509 bytes
->Flash cache emptied: 57007 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8203870 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37180 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 141836 bytes

Total Files Cleaned = 134.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08112013_204950

Files\Folders moved on Reboot...
File\Folder C:\Users\langford\AppData\Local\Temp\sqfowbs not found!
C:\Users\langford\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\langford\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\avg_secure_search.log scheduled to be moved on reboot.
File move failed. C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
_____________________________________________________________

AdwCleaner Log

# AdwCleaner v2.306 - Logfile created 08/11/2013 at 21:01:28
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : langford - LANGFORD-PC
# Boot Mode : Normal
# Running from : C:\Users\langford\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\DefaultTab
Folder Found : C:\Users\langford\AppData\Local\unitlayers
Folder Found : C:\Users\langford\AppData\LocalLow\Conduit
Folder Found : C:\Users\langford\AppData\LocalLow\PriceGong
Folder Found : C:\Users\langford\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-324890243-2637177967-548934447-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\langford\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6832 octets] - [11/08/2013 21:01:28]

########## EOF - C:\AdwCleaner[R1].txt - [6892 octets] ##########

________________________________________________________________________

FSS Log

Farbar Service Scanner Version: 04-08-2013
Ran by langford (administrator) on 11-08-2013 at 21:04:47
Running from "C:\Users\langford\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

Advertisements


#11
angiekae68

angiekae68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I'm unsure as to why this shows that I posted this at 10:50pm last night. I actually posted it just a few hours ago.
  • 0

#12
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Hope you feel alright now :)

Step 1:
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be showed, please copy content and post in next replay

Step 2:
Eset Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 / 8 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


    Posted Image
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Do not remove any founds.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3:
Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application. Before you finished, on Completing the Malwarebytes Anti-Malware Setup Wizard tab untick Enable free trial of Malwarebytes Anti-Malware PRO

Posted Image

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In next post I want to see:
  • AdwCleaner removal log
  • Eset Online Scanner log
  • MBAM log

How the computer is running now?
  • 0

#13
angiekae68

angiekae68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I am feeling much better, thank you :) And, the laptop is, too lol. No more error message about the RegSvr :)

I'll do as you asked now and post the logs when finished.

Thanks so much for all of your help!
  • 0

#14
angiekae68

angiekae68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Okay, here are the logs you asked for:

AdwCleaner Log:

# AdwCleaner v2.306 - Logfile created 08/13/2013 at 16:24:44
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : langford - LANGFORD-PC
# Boot Mode : Normal
# Running from : C:\Users\langford\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Users\langford\AppData\Local\unitlayers
Folder Deleted : C:\Users\langford\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\langford\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\langford\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\langford\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6945 octets] - [11/08/2013 21:01:28]
AdwCleaner[R2].txt - [7005 octets] - [13/08/2013 16:21:30]
AdwCleaner[S1].txt - [6954 octets] - [13/08/2013 16:24:44]

########## EOF - C:\AdwCleaner[S1].txt - [7014 octets] ##########

__________________________________________________________________

ESET Online Scanner log and the log of what it found and quarantined:

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

C:\Program Files\Uninstaller\Uninstall.exe MSIL/DomaIQ.A application cleaned by deleting - quarantined
C:\Users\langford\AppData\Local\Google\Chrome\User Data\Default\Users\jkbmgfgogidhgeflnlngdbdaolblinab\background.js Win32/TrojanDownloader.Tracur.AH trojan cleaned by deleting - quarantined
C:\Users\langford\AppData\Local\Google\Chrome\User Data\Default\Users\jkbmgfgogidhgeflnlngdbdaolblinab\cs.js Win32/TrojanDownloader.Tracur.AH trojan cleaned by deleting - quarantined

__________________________________________________________________

MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
langford :: LANGFORD-PC [administrator]

8/13/2013 6:02:13 PM
mbam-log-2013-08-13 (18-02-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212078
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#15
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
OK, there is one more script and prevention actions. Please do following updates to increase security:

Step 1:
OTL fix:
Please copy following script:

:files
C:\Program Files\Uninstaller


Run OTL, under Custom Scan/Fixes paste it. Close all windows without OTL and hit Run Fix button. OTL will display removing log, please post it.

Step 2:
Download and install Internet Explorer 10
Note:
If english is not your system language, please type Internet Explorer 10 in google and download from Microsoft site proper version.

Step 3:
Security upadtes:
Please go to Start Menu -> Control Panel -> Programs and Features and remove following programs:
  • Java™ 6 Update 25
  • Adobe Reader X MUI
  • Adobe Flash Player 11 Plugin
  • Adobe Flash Player 11 ActiveX


Be adviced that security experts recommends to turn off Java. However if you decide you must use Java, download and install new version from Java.com

Warning.
Remember to install only software that you need. Adobe installators often install another software by default. Always check what you are installing. Unckeck optional software install:

Posted Image


I like first one

Adobe Flash description:
Active X version is for Internet Explorer. Plug-in for others.
32/64 bit: In most cases 32-bit version is the best choice. 64-bit Adobe Flash will work in 64-bit browswers. For now 32-bit Adobe Flash version with 32-bit browser on 64-bit OS is still good choice.

Step 4:
Posted ImageOTL Quick Scan

Run OTL again:

Posted Image

and hit Quick Scan button:

Posted Image

This scan won't take long. Please post log in next replay.


In your next post I want to see:
  • OTL removal log
  • OTL quick scan log.

Do you think something is wrong?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP