
Slick Savings by Spigot Installed


#1
carlfifank
Member
14 posts
Hi all,

I downloaded and installed Vuze from CNET, and that installed Slick Savings and a Vuze toolbar by Spigot. I used Program Manager to uninstall Vuze, Slick Savings and the toolbar. I ran Malwarebytes and it found 5 trojan files, which it deleted. I ran it again upon restart and nothing else was found.

Below are the 2 logs that OTL created, OTL.txt and Extras.txt

Thanks for your help.

OTL.txt

OTL logfile created on: 8/16/2013 10:02:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vishwas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 42.97% Memory free
5.72 Gb Paging File | 4.00 Gb Available in Paging File | 69.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 137.51 Gb Free Space | 61.66% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.67 Gb Free Space | 16.92% Space Free | Partition Type: NTFS

Computer Name: VISHWAS-PC | User Name: vishwas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/16 22:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vishwas\Desktop\OTL.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2007/04/19 16:44:18 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007/04/19 16:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007/04/19 16:43:42 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxczcoms.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/24 20:49:46 | 000,396,240 | ---- | M] () -- C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 20:49:45 | 013,599,184 | ---- | M] () -- C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/24 20:49:44 | 004,052,944 | ---- | M] () -- C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 20:48:54 | 000,601,552 | ---- | M] () -- C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 20:48:53 | 000,123,344 | ---- | M] () -- C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 20:48:51 | 001,597,392 | ---- | M] () -- C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/11 22:21:20 | 001,021,440 | ---- | M] () -- C:\Program Files\AC3Filter\ac3filter_intl.dll
MOD - [2009/08/11 22:19:04 | 000,797,184 | ---- | M] () -- C:\Program Files\AC3Filter\ac3filter.ax


========== Services (SafeList) ==========

SRV - [2013/06/21 10:13:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/11 20:09:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/08/16 21:47:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/07/16 19:38:16 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 20:14:49 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130816.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/31 20:14:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/05/31 20:14:49 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130816.016\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 20:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/04 21:21:36 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2013/02/15 17:29:22 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130810.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/08 22:38:03 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/27 23:05:22 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 22:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 15:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 15:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 18:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{047725AF-524F-470B-A5BE-38D6D75FFB09}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {1778781A-BFD7-48C6-A622-04F08C66E2CD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1778781A-BFD7-48C6-A622-04F08C66E2CD}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vishwas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vishwas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 14:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/08/16 21:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/17 12:28:20 | 000,000,000 | ---D | M]

[2013/05/27 19:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/27 19:53:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\vishwas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - Extension: YouTube = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_05\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.bech...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0097ACB6-4C33-4729-B58C-64B570DAB289}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5995D1E-F275-4585-8286-F90D0A34D53E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 14:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/16 22:01:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vishwas\Desktop\OTL.exe
[2013/08/16 21:47:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/16 20:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/08/16 20:04:03 | 000,000,000 | ---D | C] -- C:\Users\vishwas\.swt
[2013/08/16 20:03:18 | 000,000,000 | ---D | C] -- C:\Users\vishwas\AppData\Local\Slick Savings
[2013/08/16 20:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013/08/16 20:01:56 | 000,000,000 | ---D | C] -- C:\Users\vishwas\AppData\Roaming\Azureus
[2013/08/13 20:45:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT

========== Files - Modified Within 30 Days ==========

[2013/08/16 22:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vishwas\Desktop\OTL.exe
[2013/08/16 21:47:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/16 21:40:21 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/16 21:40:21 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/16 21:40:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/16 21:40:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/16 21:40:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/16 21:39:40 | 2951,065,600 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/16 21:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/16 20:39:05 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1485438164-1664767260-3697909283-1000UA.job
[2013/08/16 20:03:14 | 000,000,000 | ---- | M] () -- C:\search.sqlite
[2013/08/16 20:03:14 | 000,000,000 | ---- | M] () -- C:\prefs.js
[2013/08/16 18:39:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1485438164-1664767260-3697909283-1000Core.job
[2013/08/14 21:05:37 | 002,205,795 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\Cat.DB
[2013/08/13 20:39:36 | 000,604,728 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/13 20:39:35 | 000,104,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/07 18:15:26 | 000,028,853 | ---- | M] () -- C:\Users\vishwas\Desktop\download (1).jpg
[2013/08/07 18:13:04 | 000,028,997 | ---- | M] () -- C:\Users\vishwas\Desktop\download.jpg
[2013/08/01 15:49:59 | 000,002,094 | ---- | M] () -- C:\Users\vishwas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/18 17:56:22 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\VT20130115.021

========== Files Created - No Company Name ==========

[2013/08/16 20:03:14 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013/08/16 20:03:14 | 000,000,000 | ---- | C] () -- C:\prefs.js
[2013/08/07 18:15:26 | 000,028,853 | ---- | C] () -- C:\Users\vishwas\Desktop\download (1).jpg
[2013/08/07 18:12:55 | 000,028,997 | ---- | C] () -- C:\Users\vishwas\Desktop\download.jpg
[2013/02/17 12:30:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2013/02/17 12:30:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2013/02/17 12:30:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2013/02/17 12:30:20 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2013/02/17 12:30:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2013/02/17 12:30:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2013/02/17 12:30:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2013/02/17 12:30:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2013/02/17 12:30:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2013/02/17 12:30:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2013/02/17 12:30:18 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2013/02/17 12:30:18 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2013/02/17 12:30:18 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2013/02/17 12:30:17 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2013/02/17 12:30:17 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2013/02/17 12:30:16 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2013/02/17 12:30:16 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2013/02/17 12:04:14 | 000,000,100 | ---- | C] () -- C:\Windows\lexstat.ini
[2012/01/13 00:27:08 | 000,007,808 | ---- | C] () -- C:\Users\vishwas\AppData\Local\d3d9caps.dat
[2011/12/04 20:32:52 | 000,022,016 | ---- | C] () -- C:\Users\vishwas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 10:32:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/13 10:32:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/10 23:42:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/11/10 19:31:18 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/11/10 00:25:43 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/11/09 23:04:53 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/10 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\.BitTornado
[2011/12/04 21:14:58 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\acccore
[2013/01/23 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\Amazon
[2013/08/16 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\Azureus
[2012/11/17 18:04:42 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\DAEMON Tools Lite
[2013/08/16 21:37:15 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\Dropbox
[2012/04/21 08:32:44 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\ID Vault
[2012/11/23 19:46:27 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\Juniper Networks
[2012/12/30 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\Tific
[2011/12/11 00:42:17 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\uPlayer

========== Purity Check ==========



< End of report >


Extras.txt

OTL Extras logfile created on: 8/16/2013 10:02:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vishwas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 42.97% Memory free
5.72 Gb Paging File | 4.00 Gb Available in Paging File | 69.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 137.51 Gb Free Space | 61.66% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.67 Gb Free Space | 16.92% Space Free | Partition Type: NTFS

Computer Name: VISHWAS-PC | User Name: vishwas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00297943-0ACA-4C01-A802-FCF9B8248D82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09A56CE9-5177-4D58-A9FF-CE3FF495862C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12211C56-7E18-41D4-87D5-608DD681AEE5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1C5EB61A-0D31-48C6-A0A3-46A2BD7A3FD8}" = lport=10244 | protocol=6 | dir=in | app=system |
"{27460074-5FD2-4E66-AE9B-71D0EA17D9E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40F4ACEC-C990-4B90-8846-F1B521F04BDF}" = rport=138 | protocol=17 | dir=out | app=system |
"{447EF96A-0765-4BE6-ADCB-B065AF426E41}" = lport=10244 | protocol=6 | dir=in | app=system |
"{50F644F9-B4CF-4CD5-9328-D964F5BFFB55}" = lport=138 | protocol=17 | dir=in | app=system |
"{55910CD2-AD44-4025-9A17-A274AD771D37}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{61C31D5B-2A7F-4C11-A355-DFA4B9BFFF0C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6D416D51-2D81-43F4-97BE-F0D48C5B886C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9978D8CB-610D-44B6-9BA0-D925EE10DA7B}" = lport=445 | protocol=6 | dir=in | app=system |
"{9A864866-9F54-4842-BA5B-500531987978}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9F04FEC2-8D41-4CDB-84B7-E271A9B28467}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7B71FCA-B49E-4A65-93C5-5A5FC458C92E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A7B81713-AD1B-491D-9BFA-B61BFBF5896B}" = lport=139 | protocol=6 | dir=in | app=system |
"{AE14F35D-8EE5-429A-B0A5-9BBDC3AF1E5C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B25FDFB5-EDED-452F-87DD-4982D7CA38FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3C0BEC2-3706-4567-BA91-6A7987C5A791}" = rport=445 | protocol=6 | dir=out | app=system |
"{B9C35540-3EFA-435F-B21E-01783F084D8D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C5D94125-26D4-4963-87A0-5B0DFF856FB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6002F80-301A-4945-9C64-27FE90DFFC83}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8A282D3-7C05-4D4A-875A-9E1117CFB30C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D5BD9F43-04C8-424D-94A2-C6B5193CCE3E}" = rport=137 | protocol=17 | dir=out | app=system |
"{D607902A-6C9B-44E8-BF5C-095D54CF985F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DFE69CC6-0C45-4407-B927-47FF8215B8AE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8627184-4CE8-4C85-8C92-44CBFC15DA4D}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9708A7C-34B5-4B10-B8AD-ABB22D2C143A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{F1D4514B-FFE3-4D39-9517-B48B8CC86E40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F39561CC-8892-4F81-B700-751B2B115218}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F50536FF-A115-4525-85FC-4CA6FA43CB83}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5E984A7-38EC-4554-8C47-9B1A6E85594B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFB74802-763A-4340-90EB-A67F7B9D9E1B}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020D8FF5-E66B-4A87-8659-FD6F7302B4AF}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{053E5549-ECD5-4FE4-8DB9-641DFB10CF77}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{0A956D39-283D-45D4-97E0-DB8B7F3BBDFA}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{0E9FD2F4-4805-45E5-B548-98378F62B61B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1F50F669-0015-4684-A198-AD4E6F082562}" = protocol=1 | dir=in | [email protected],-28543 |
"{1FF4FD0E-7E0E-4762-96B0-88C9128D6450}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{22369DEF-3B92-4483-BE05-B4AB1A9CFF09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{360E3640-FB26-4DEF-8288-8B53B8EBB28A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3A68F839-CDCD-4F3D-99AB-B17002FA7D3E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3C36844E-D5DA-4663-8B1C-BC8F612FCB53}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3D9BF86B-2C89-4BE3-8F2B-FEEF6DDD7A66}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{4924385A-6B61-48B5-91FB-3A5C5E845BDF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{50B8832B-BEAC-4375-9A34-43AE9EDA0208}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{524323B7-F461-4A53-BE0C-EBC50E317E23}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{56CF4C3C-F69D-496B-A0A1-5A446EC5855E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C9E4E52-DE8E-4F16-A968-B12F740C0214}" = protocol=17 | dir=in | app=c:\users\vishwas\appdata\roaming\dropbox\bin\dropbox.exe |
"{61BC112B-E913-4CFE-AADF-C7416F890659}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6A30191E-4A74-4585-9579-90FF5EB31D25}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{6F26C306-5E60-4DDB-9846-E40FE9C6EC32}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{7018F4DC-50D9-4792-A0CF-2BD69B9BD3FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{796515E3-3F48-4649-BD62-D0D2C77AED79}" = protocol=17 | dir=in | app=c:\users\vishwas\appdata\local\temp\nsk95e6.tmp\bundlesweetimsetup.exe |
"{7AACE2B0-2E1E-43CF-AB00-4897E701415E}" = protocol=6 | dir=in | app=c:\users\vishwas\appdata\local\temp\nsk95e6.tmp\bundlesweetimsetup.exe |
"{80851FC2-6DA3-49AA-8365-8B8B3E868A87}" = protocol=58 | dir=out | [email protected],-28546 |
"{8A5855B8-643F-4A45-8E89-C65BE5B73AE8}" = protocol=58 | dir=in | [email protected],-28545 |
"{962E9DCB-840A-45A4-80A9-C4F8FABD0A03}" = protocol=6 | dir=in | app=c:\users\vishwas\appdata\roaming\dropbox\bin\dropbox.exe |
"{A7D4A300-BA0B-41A2-923C-04259EED5F63}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A8591094-DF49-488F-934C-842A2D3B58F2}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{A8AFEEDF-F768-488C-BA90-B9081FD8217F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{AA0CB156-F09F-43E8-AE63-8D196C124846}" = protocol=1 | dir=out | [email protected],-28544 |
"{AC78DE1B-0A06-4A5D-82DC-2AFB2F2BE004}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B71AB843-B8A8-4424-AC6F-0CF49EA44360}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B9ACF204-F90F-470D-9F7A-25FE982865C7}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{BE816D54-FE0D-4DE3-940D-8D94EF582E02}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C1BAABB6-21B7-49B7-91E1-E455B4B6BC44}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{C27CFD25-ACA5-450B-890B-856825BD8C4E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C55EE582-4D18-4465-B67C-01CCBFDC83AC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{CE417CC2-006D-44BC-B33A-291B02416FCB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E3FEA3C0-F1ED-410D-B3EF-BD5CD0D5C65B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E8A7B01C-92DB-4FE8-8A9B-B430F35684B1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F267AEC1-BFC1-4471-8EE9-BC00F91A863F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F93263C1-118C-438A-97B8-BA33292D1FB9}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FB46D02E-EAC4-479D-B7A9-A6173FD6AEBF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup" = DivX Setup
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Revo Uninstaller" = Revo Uninstaller 1.94
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.4
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2013 4:45:26 AM | Computer Name = vishwas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27814370

Error - 8/14/2013 9:08:33 PM | Computer Name = vishwas-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/15/2013 4:33:09 PM | Computer Name = vishwas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/15/2013 4:33:09 PM | Computer Name = vishwas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64818181

Error - 8/15/2013 4:33:09 PM | Computer Name = vishwas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64818181

Error - 8/15/2013 6:34:09 PM | Computer Name = vishwas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/15/2013 6:34:09 PM | Computer Name = vishwas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7254857

Error - 8/15/2013 6:34:09 PM | Computer Name = vishwas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7254857

Error - 8/16/2013 8:11:44 PM | Computer Name = vishwas-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 28.0.1500.95 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1014 Start Time: 01ce9ad0dc099e40 Termination Time: 146

Error - 8/16/2013 9:40:35 PM | Computer Name = vishwas-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/13/2013 5:37:39 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/18/2013 5:58:05 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2013 5:53:41 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/27/2013 1:40:38 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/29/2013 8:28:55 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/1/2013 3:14:15 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/6/2013 5:48:03 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/12/2013 6:00:47 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/14/2013 9:08:33 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2013 9:40:36 PM | Computer Name = vishwas-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
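The Extras.txt above carries three things a malware-removal helper reads first: the Shell Spawning handlers (a hijacked `exefile [open]` means the attacker's binary runs before every .exe the user launches), the `EnableFirewall` values per profile, and the per-application FirewallRules. The script below is an added example written for this page, not part of OTL, JRT or AdwCleaner, and not the poster's or helper's code. `SAMPLE_EXTRAS` holds lines copied from the Extras.txt above; `CONSTRUCTED_HIJACK` is a made-up line showing what a hijacked handler looks like; the default-handler table (stock Vista SP2 x86) and the "allow rule for a binary under %TEMP%" heuristic are the example author's assumptions.

```python
"""Triage security-relevant sections of an OTL Extras.txt log.

Added example for this thread; it is not part of OTL, JRT or AdwCleaner.
SAMPLE_EXTRAS holds lines copied from the Extras.txt posted above;
CONSTRUCTED_HIJACK is made up to show what a hijacked handler looks like.
EXPECTED_HANDLERS (stock Vista SP2 x86 defaults) and the %TEMP% heuristic
are the example author's assumptions, not something OTL itself checks.
"""
import re

# shell\open\command defaults for the executable types that malware most
# often hijacks so that it runs before any .exe/.bat the user launches.
EXPECTED_HANDLERS = {
    "batfile [open]": '"%1" %*',
    "cmdfile [open]": '"%1" %*',
    "comfile [open]": '"%1" %*',
    "exefile [open]": '"%1" %*',
    "piffile [open]": '"%1" %*',
    "scrfile [open]": '"%1" /S',
}

# 'exefile [open] -- "%1" %*'  or  '... -- cmd.exe ... (Microsoft Corporation)'
SHELL_RE = re.compile(r"^(?P<key>\w+ \[\w+\]) -- (?P<cmd>.*?)(?: \([^)]*\))?$")
# '"{GUID}" = field=value | field=value | ... |'
RULE_RE = re.compile(r'^"\{[0-9A-F-]+\}" = (?P<body>.*)\|\s*$', re.I)
TEMP_RE = re.compile(r"\\appdata\\local\\temp\\", re.I)
FW_RE = re.compile(r'^"EnableFirewall" = (?P<val>\d+)$')


def check_shell_spawning(lines):
    """Return (key, found, expected) for handlers that differ from the
    defaults, plus any handler OTL could not read (Reg Error)."""
    findings = []
    for line in lines:
        m = SHELL_RE.match(line.strip())
        if not m:
            continue
        key, cmd = m.group("key"), m.group("cmd").strip()
        if key in EXPECTED_HANDLERS and cmd != EXPECTED_HANDLERS[key]:
            findings.append((key, cmd, EXPECTED_HANDLERS[key]))
        elif cmd.startswith("Reg Error"):
            findings.append((key, cmd, "verify manually in regedit"))
    return findings


def firewall_disabled_profiles(lines):
    """Return the FirewallPolicy profile names whose EnableFirewall is 0."""
    disabled, profile = [], None
    for line in lines:
        s = line.strip()
        if s.startswith("[HKEY_LOCAL_MACHINE") and "FirewallPolicy\\" in s:
            profile = s.rstrip("]").rsplit("\\", 1)[-1]
        m = FW_RE.match(s)
        if m and profile and m.group("val") == "0":
            disabled.append(profile)
    return disabled


def temp_dir_firewall_rules(lines):
    """Return parsed FirewallRules entries whose app path lies under
    AppData\\Local\\Temp. An allow rule for an installer that has since
    been deleted is a typical bundler leftover: the binary is gone, the
    hole stays."""
    hits = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not (m and TEMP_RE.search(m.group("body"))):
            continue
        fields = (f.split("=", 1) for f in m.group("body").split(" | ") if "=" in f)
        hits.append({k.strip(): v.strip() for k, v in fields})
    return hits


# Lines copied from the Extras.txt in post #1 (trimmed to the relevant ones).
SAMPLE_EXTRAS = r'''
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"{7AACE2B0-2E1E-43CF-AB00-4897E701415E}" = protocol=6 | dir=in | app=c:\users\vishwas\appdata\local\temp\nsk95e6.tmp\bundlesweetimsetup.exe |
"{9978D8CB-610D-44B6-9BA0-D925EE10DA7B}" = lport=445 | protocol=6 | dir=in | app=system |
'''.splitlines()

# Constructed, not from the log: what an exefile hijack would look like.
CONSTRUCTED_HIJACK = [r'exefile [open] -- "C:\Users\example\AppData\Local\Temp\shim.exe" "%1" %*']

if __name__ == "__main__":
    print("non-default/unreadable handlers:", check_shell_spawning(SAMPLE_EXTRAS))
    print("profiles with EnableFirewall=0:", firewall_disabled_profiles(SAMPLE_EXTRAS))
    print("allow rules for %TEMP% binaries:", temp_dir_firewall_rules(SAMPLE_EXTRAS))
    print("constructed hijack:", check_shell_spawning(CONSTRUCTED_HIJACK))
```

Two caveats when reading the output against this log. `EnableFirewall = 0` on all three profiles looks alarming, but Norton Security Suite is in the uninstall list and third-party suites normally register themselves as the firewall provider and turn the Windows Firewall service off; confirm what Security Center reports before treating it as tampering. The inbound allow rules for `bundlesweetimsetup.exe` under a `.tmp` folder in AppData\Local\Temp are what a bundled installer leaves behind; the OTL fix posted later in the thread moves folders but does not touch FirewallRules, so those entries have to be removed separately (Windows Firewall with Advanced Security, wf.msc, or the registry key named in the log).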



#2 zep516 (Trusted Helper, Malware Removal, 8,093 posts)
Hi! My name is zep516, and welcome to Geeks to Go!

I'll do the best I can to resolve your computer issue.
Please be patient with me, as I am currently in training and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage, as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

#3 carlfifank (Topic Starter, Member, 14 posts)
Thank you zep516.

#4 zep516 (Trusted Helper, Malware Removal, 8,093 posts)
You're welcome,

Hi carlfifank,
Just a few things to do from what I see. Let's begin.

First

  • Double-click the OTL icon to open the program. On Vista/Win7/Win8, right-click it and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    [2013/08/16 20:03:18 | 000,000,000 | ---D | C] -- C:\Users\vishwas\AppData\Local\Slick Savings
    [2013/08/16 20:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2013/08/16 20:01:56 | 000,000,000 | ---D | C] -- C:\Users\vishwas\AppData\Roaming\Azureus
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it on XP, or right-click it and select Run as Administrator on Vista/Win7 and above.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next

Please download AdwCleaner

  • Double-click AdwCleaner.exe to run the tool.
  • Click the Delete button.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.


#5 carlfifank (Topic Starter, Member, 14 posts)
zep516,

I ran the OTL file with the code you had supplied. Below is the log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\vishwas\AppData\Local\Slick Savings folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot\GC folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\stats\2013\08 folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\stats\2013 folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\stats folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\dlarchive folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\vishwas\AppData\Roaming\Azureus folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\vishwas\Desktop\cmd.bat deleted successfully.
C:\Users\vishwas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx1.vishwas-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx1.vishwas-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

User: vishwas
->Temp folder emptied: 2925595 bytes
->Temporary Internet Files folder emptied: 20716888 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 426059155 bytes
->Flash cache emptied: 1184 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18590959 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 26633888 bytes

Total Files Cleaned = 472.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 08172013_174431

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I next ran the JRT file. Below is the log for that:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows Vista ™ Home Premium x86
Ran by vishwas on Sat 08/17/2013 at 17:57:54.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 18:03:39.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Last, I ran adwcleaner. Below is the log for that:

# AdwCleaner v2.306 - Logfile created 08/17/2013 at 18:23:34
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : vishwas - VISHWAS-PC
# Boot Mode : Normal
# Running from : C:\Users\vishwas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16502

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [800 octets] - [30/05/2013 18:26:16]
AdwCleaner[S2].txt - [957 octets] - [17/08/2013 18:23:34]

########## EOF - C:\AdwCleaner[S2].txt - [1016 octets] ##########

#6 zep516 (Trusted Helper, Malware Removal, 8,093 posts)
1. Please post a fresh OTL log.

2. Tell me how everything is.

Joe

#7 carlfifank (Topic Starter, Member, 14 posts)
zep,

Everything looks to be working okay. My browser search engines had been changed to Yahoo, but I changed them back. I don't see any other issues at the moment; my computer seems to be running OK.

Below is the latest OTL file. Thanks.

OTL logfile created on: 8/18/2013 3:58:14 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vishwas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 59.32% Memory free
5.72 Gb Paging File | 4.76 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 138.04 Gb Free Space | 61.89% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.67 Gb Free Space | 16.92% Space Free | Partition Type: NTFS

Computer Name: VISHWAS-PC | User Name: vishwas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/16 22:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vishwas\Desktop\OTL.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2007/04/19 16:44:18 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007/04/19 16:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007/04/19 16:43:42 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxczcoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/11 22:21:20 | 001,021,440 | ---- | M] () -- C:\Program Files\AC3Filter\ac3filter_intl.dll


========== Services (SafeList) ==========

SRV - [2013/06/21 10:13:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/11 20:09:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/07/16 19:38:16 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 20:14:49 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130817.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/31 20:14:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/05/31 20:14:49 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130817.006\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 20:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/04 21:21:36 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2013/02/15 17:29:22 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130810.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/08 22:38:03 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/27 23:05:22 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 22:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 15:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 15:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 18:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{047725AF-524F-470B-A5BE-38D6D75FFB09}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1778781A-BFD7-48C6-A622-04F08C66E2CD}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vishwas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vishwas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 14:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/08/17 18:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/17 12:28:20 | 000,000,000 | ---D | M]

[2013/05/27 19:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/27 19:53:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vishwas\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\vishwas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - Extension: YouTube = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\vishwas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_05\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.bech...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0097ACB6-4C33-4729-B58C-64B570DAB289}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5995D1E-F275-4585-8286-F90D0A34D53E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 14:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/17 17:56:04 | 001,018,166 | ---- | C] (Thisisu) -- C:\Users\vishwas\Desktop\JRT.exe
[2013/08/17 17:44:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/16 22:01:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vishwas\Desktop\OTL.exe
[2013/08/16 20:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/08/16 20:04:03 | 000,000,000 | ---D | C] -- C:\Users\vishwas\.swt
[2013/08/13 20:45:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT

========== Files - Modified Within 30 Days ==========

[2013/08/18 03:39:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1485438164-1664767260-3697909283-1000UA.job
[2013/08/18 03:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/18 02:26:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 02:26:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 18:39:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1485438164-1664767260-3697909283-1000Core.job
[2013/08/17 18:26:14 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/17 18:26:14 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/17 18:25:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/17 18:25:50 | 2951,057,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/17 18:22:42 | 000,666,633 | ---- | M] () -- C:\Users\vishwas\Desktop\adwcleaner.exe
[2013/08/17 17:56:06 | 001,018,166 | ---- | M] (Thisisu) -- C:\Users\vishwas\Desktop\JRT.exe
[2013/08/16 22:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vishwas\Desktop\OTL.exe
[2013/08/16 20:03:14 | 000,000,000 | ---- | M] () -- C:\search.sqlite
[2013/08/16 20:03:14 | 000,000,000 | ---- | M] () -- C:\prefs.js
[2013/08/13 20:39:36 | 000,604,728 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/13 20:39:35 | 000,104,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/01 15:49:59 | 000,002,094 | ---- | M] () -- C:\Users\vishwas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/08/17 18:22:41 | 000,666,633 | ---- | C] () -- C:\Users\vishwas\Desktop\adwcleaner.exe
[2013/08/16 20:03:14 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013/08/16 20:03:14 | 000,000,000 | ---- | C] () -- C:\prefs.js
[2013/02/17 12:30:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2013/02/17 12:30:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2013/02/17 12:30:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2013/02/17 12:30:20 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2013/02/17 12:30:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2013/02/17 12:30:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2013/02/17 12:30:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2013/02/17 12:30:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2013/02/17 12:30:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2013/02/17 12:30:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2013/02/17 12:30:18 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2013/02/17 12:30:18 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2013/02/17 12:30:18 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2013/02/17 12:30:17 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2013/02/17 12:30:17 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2013/02/17 12:30:16 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2013/02/17 12:30:16 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2013/02/17 12:04:14 | 000,000,100 | ---- | C] () -- C:\Windows\lexstat.ini
[2012/01/13 00:27:08 | 000,007,808 | ---- | C] () -- C:\Users\vishwas\AppData\Local\d3d9caps.dat
[2011/12/04 20:32:52 | 000,022,016 | ---- | C] () -- C:\Users\vishwas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 10:32:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/13 10:32:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/10 23:42:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/11/10 19:31:18 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/11/10 00:25:43 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/11/09 23:04:53 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/10 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\.BitTornado
[2011/12/04 21:14:58 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\acccore
[2013/01/23 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\Amazon
[2012/11/17 18:04:42 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\DAEMON Tools Lite
[2013/08/16 21:37:15 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\Dropbox
[2012/04/21 08:32:44 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\ID Vault
[2012/11/23 19:46:27 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\Juniper Networks
[2012/12/30 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\Tific
[2011/12/11 00:42:17 | 000,000,000 | ---D | M] -- C:\Users\vishwas\AppData\Roaming\uPlayer

========== Purity Check ==========



< End of report >

#8 zep516 (Trusted Helper, Malware Removal, 8,093 posts)
Hi carlfifank,

It's important we clean up some of the tools we used.

OTL Clean-Up

Right-click on the Posted Image icon on your desktop and choose Run as administrator to open the main window.

Next click on the Posted Image button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used, including itself.

If there are any leftover tools or logs on your computer, please delete them now.

Next

Please do the following to uninstall AdwCleaner.

  • Double-click AdwCleaner.exe to run the tool.
  • Click the Uninstall button as shown below.
    Posted Image
  • Confirm with yes

AdwCleaner will now be uninstalled.

Next

Right-click on the JRT icon and delete it.

Let's run 1 more final scan to double-check for any leftovers.

ESET Online Scanner


Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use, then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, make sure you first copy the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click Finish. (Select Uninstall application on close if you wish.)

In your next reply please post the ESET Scan results.

#9 carlfifank (Member, Topic Starter)
zep,

I ran ESET as described and it found 1 threat: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\611G582S\SkywalkerSetup[1].exe Win32/SweetIM.D application

Below is the log file that was created. I did not uninstall ESET yet. Thanks.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

#10 zep516 (Trusted Helper, Malware Removal)
Hi carlfifank,

Let's clean out your temporary internet files and temp files. That will take care of the file ESET found.

Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.


Some tips on safe computing to prevent further infection and a basic maintenance program to ensure that your computer runs smoothly and stays free from infections in the future :)

Keep your software Updated:

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.

Out of date Adobe Reader installed!

Your Adobe Reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

As a side note: Adobe Reader has been having issues lately. I'd suggest uninstalling it and using Foxit Reader. Adobe has become very vulnerable over the last couple of years and really uses up resources more than Foxit Reader. Its 'footprint' is considerably smaller than Adobe's and consequently uses fewer resources (RAM as well as hard drive space). It's been said that there are a few things Foxit cannot do compared to Adobe, but I haven't come across them yet.

If you choose to install Foxit Reader, please be advised that you may have to uncheck any pre-checked software. Choose custom install.

If you'd like, you can download Foxit Reader from here.

The choice is yours.

3rd: I'd like to include a couple of programs that I find to be necessary for safe computing and basic maintenance of your computer:

1.) You already have Malwarebytes Anti-Malware installed. Please update it before scanning, and scan regularly.

2.) CCleaner:

Download CCleaner if you don't have it already.

Install and use with the default settings.

NOTE:
CCleaner includes a Registry cleaner, and we advise not to use this or any registry cleaner, as there have been reports of them clearing out needed registry entries and messing up PCs. In addition, what they do clean up is so small that little or no advantage is noticed.

TOUR > http://www.piriform....er-installation

3.) TFC-Temporary File Cleaner by Oldtimer, we already have that so keep it.

Download TFC-Temporary File Cleaner

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the cleaning process.
  • Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
  • Please let TFC run uninterrupted until it is finished.

Do not be alarmed when the desktop disappears. It will reappear on reboot.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

4.) Update Checker

Download and install FileHippo update checker and run it monthly. It will show you which programs on your system need to be updated and will provide a download link for you.

5.) WOT = Web of Trust

  • WOT (Web of Trust) warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory.
  • WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
  • WOT has an add-on available for Firefox, Google Chrome, Internet Explorer, Safari and Opera.

For basic maintenance:

Depending on how much you use your computer you should keep it in tip top shape by performing basic maintenance on a daily/weekly/monthly basis.

1.) Run CCleaner
2.) TFC
3.) Disk cleanup which is included in Windows.
4.) Windows Defrag - I personally prefer Auslogics Disk Defrag, though Windows Defrag is included with your installed OS.

Auslogics Disk Defrag:

It does a more comprehensive job at Defragging
It will actually show you what it is doing
At the end of working it will show you how much speed you picked up
You can view an online log of the files that Auslogics defragged
Please do not run any other Auslogics programs other than this one, as they may cause unwanted results.

5.) Malwarebytes Anti-Malware

And finally! Some of my own tips for safe computing:

  • Make sure Realtime AV scanning is enabled. A Firewall is a definite plus.
  • If you can't afford cost-effective virus protection, then use some free online tools.
  • Don't trust pop-ups that tell you that you may have spyware on your machine. Most of these are money making schemes designed to get you to buy their removal product, which in some cases also contain malware. For a list of those to avoid see here: Rogue Programs to avoid
  • Make back-ups of your most personal files frequently by whatever means you have available, i.e. tape, CD, DVD, USB drives, Ghost programs, etc. You never know when you'll have to reformat and start from scratch, and without current backups of your personal files you're basically at a loss. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.
  • Be careful where you "surf". If you know you are going to click a site that is questionable, then at least be intelligent enough to disable javascript, java, ActiveX installations, etc... You "surf" these sites at your own risk.
  • Uninstall and quit using P2P networking programs like uTorrent, Kazaa, BearShare, eMule and Limewire. These are your most likely weakest links if you're using them. Primarily most stuff transferred is illegally obtained and if you won't give it up you eventually pay the consequences.
  • Don't give access to your computer to friends or family who appear to be clueless about what they are doing. Otherwise you'll come home from school/work one day and your computer will be trashed.
  • In my opinion, a PC is just that, a PC (Personal Computer). Don't allow your children to talk you into any Windows cracks, hacks, or tweaks that could turn your computer into an expensive doorstop.
  • When in doubt -- don't download it and don't install it until you've researched it.

Here are a few links you might find interesting that will educate and enhance your online surfing abilities:

"So how did I get infected in the first place?" by Tony Klein and updated by Corrine
How Malware Spreads - How did I get infected by quietman7
How to prevent Malware: by miekemoes

If you have any questions or concerns please don't hesitate to ask! Any member on this site will be more than happy to guide you in your quest for safe surfing and to prevent infection.

Happy and safe computing!

Joe.
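The temp-file cleanup the reply above hands to TFC, written out as an added PowerShell example. This is not part of the original post and not TFC's own code. It enumerates the temp locations a cleaner has to cover, including the SYSTEM profile's Temporary Internet Files folder where ESET reported SkywalkerSetup[1].exe (per-user cleaners never look there), lists any executable content it finds before anything is deleted, and removes files only when run with -Remove. The profile layout (C:\Users\<name>\AppData\Local\...) and the list of extensions flagged as suspect are assumptions; run it from an elevated prompt.

```powershell
# Added example for this thread; not TFC and not part of the original post.
# Enumerates the temp locations a cleaner has to cover, including the SYSTEM
# profile's Temporary Internet Files folder (where ESET reported SkywalkerSetup[1].exe),
# lists executable content found there, and deletes only when -Remove is given.
# Assumes the Vista/7 profile layout and an elevated PowerShell prompt.
param([switch]$Remove)

$sysProfile  = Join-Path $env:SystemRoot 'System32\config\systemprofile'
$profileRoot = Split-Path $env:USERPROFILE -Parent      # normally C:\Users (assumed)
$relTemp     = @('AppData\Local\Temp',
                 'AppData\Local\Microsoft\Windows\Temporary Internet Files')

# Machine-wide and SYSTEM-profile locations; per-user cleaners never look here.
$targets = @(Join-Path $env:SystemRoot 'Temp')
foreach ($rel in $relTemp) { $targets += Join-Path $sysProfile $rel }

# The same two folders for every profile on the machine, not just the current user.
$profiles = Get-ChildItem -Path $profileRoot -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer }
foreach ($p in $profiles) {
    foreach ($rel in $relTemp) { $targets += Join-Path $p.FullName $rel }
}

# Extensions that have no business sitting in a temp or browser-cache folder (assumed list).
$suspect = @('.exe', '.dll', '.scr', '.com', '.pif', '.js', '.vbs', '.jar', '.msi')

$totalBytes = 0
foreach ($dir in $targets) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $files = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer })
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum
    if (-not $bytes) { $bytes = 0 }
    Write-Host ("{0,-95} {1,6} files {2,9:N1} MB" -f $dir, $files.Count, ($bytes / 1MB))

    # Call executables out before anything is deleted; these are the entries worth
    # copying aside for a second look.
    $files | Where-Object { $suspect -contains $_.Extension.ToLower() } | ForEach-Object {
        Write-Host ("    SUSPECT  {0}  (modified {1:yyyy-MM-dd HH:mm})" -f $_.FullName, $_.LastWriteTime)
    }

    if ($Remove) {
        # Files that are in use (index.dat, an open browser's cache) are skipped silently;
        # the reboot the reply asks for releases them.
        $files | Remove-Item -Force -ErrorAction SilentlyContinue
    }
    $totalBytes += $bytes
}

if ($Remove) { $mode = 'removed' } else { $mode = 'report only; re-run with -Remove to delete' }
Write-Host ("Total {0:N1} MB across {1} locations ({2})" -f ($totalBytes / 1MB), $targets.Count, $mode)
```

Run it once without -Remove to see what would go. An executable sitting in a browser cache is worth copying aside before it is deleted (the ESET log already records the path and detection name), because once the temp folders are cleared there is nothing left to examine if the infection comes back. Reboot afterwards, as the reply says, so that locked cache files are released and cleaned.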
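The "keep your software updated" advice above, as an added PowerShell example that is not from the original post. It reads the Automatic Updates setting through the Windows Update Agent COM API, which is the same setting the Control Panel steps change, and builds an installed-software inventory with versions from the registry Uninstall keys, so an out-of-date program such as the Adobe Reader flagged above and any leftover bundled add-on can be spotted without a third-party update checker. The function names, the 3 a.m. default schedule and the 'Spigot'/'Toolbar|Savings' filter in the usage lines are assumptions; it needs Vista or later with the WUA COM objects present, and Set-AutoUpdateScheduled needs an elevated prompt.

```powershell
# Added example, not part of the original post. Reads the Automatic Updates setting
# through the Windows Update Agent COM API (what the Control Panel steps change) and
# lists installed programs with versions from the registry Uninstall keys.
# Assumes Vista or later; Set-AutoUpdateScheduled needs an elevated prompt.

function Get-AutoUpdateStatus {
    $levels = @{ 0 = 'Not configured'; 1 = 'Disabled'; 2 = 'Notify before download';
                 3 = 'Notify before install'; 4 = 'Install automatically (recommended)' }
    $s = (New-Object -ComObject 'Microsoft.Update.AutoUpdate').Settings
    New-Object PSObject -Property @{
        NotificationLevel = $levels[[int]$s.NotificationLevel]
        InstallDay        = $s.ScheduledInstallationDay    # 0 = every day, 1..7 = Sunday..Saturday
        InstallHour       = $s.ScheduledInstallationTime   # 0..23, local time
        LockedByPolicy    = $s.ReadOnly                    # $true when Group Policy controls it
    }
}

# Switches the machine to "install automatically" on the given day and hour
# (defaults, assumed here: every day at 03:00). No effect when LockedByPolicy is $true.
function Set-AutoUpdateScheduled {
    param([int]$Day = 0, [int]$Hour = 3)
    $s = (New-Object -ComObject 'Microsoft.Update.AutoUpdate').Settings
    $s.NotificationLevel         = 4
    $s.ScheduledInstallationDay  = $Day
    $s.ScheduledInstallationTime = $Hour
    $s.Save()
}

# Installed-software inventory from the per-machine (64- and 32-bit) and per-user
# Uninstall keys. Entries without a DisplayName are not shown in Programs and
# Features either, so they are dropped.
function Get-InstalledSoftware {
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*')
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
        Sort-Object DisplayName
}

# Usage
Get-AutoUpdateStatus | Format-List
Get-InstalledSoftware | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize
# Anything the uninstall steps earlier in the thread should have removed but did not
# (publisher and name patterns are assumptions for this example):
Get-InstalledSoftware | Where-Object { $_.Publisher -match 'Spigot' -or $_.DisplayName -match 'Toolbar|Savings' }
```

Compare the DisplayVersion column against the vendor's current release for the handful of programs that matter most (browser, PDF reader, Java, Flash at the time of this thread); that is all an update checker does. Anything still listed from the bundled installer can be removed with its UninstallString, and the inventory is worth keeping as a baseline so that a new entry after the next "free" download stands out.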

#11 carlfifank (Member, Topic Starter)
Joe, thank you very much for your help!

#12 zep516 (Trusted Helper, Malware Removal)
carlfifank,

You're welcome. Thanks for being so easy to work with too!!!


Joe :)