PC Speed Maximizer infection [Closed]



#1
buttsy

Hello all,

Just trying to get the common laptop at work cleaned up, and I'm having the devil of a time getting rid of this "PC Speed Maximizer" and all its popups. I've tried all the oldies and goodies; MBAM detects and removes it in safe mode, but it just comes right back. Here's the OTL:

OTL Extras logfile created on: 9/27/2013 10:08:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.17% Memory free
6.00 Gb Paging File | 4.53 Gb Available in Paging File | 75.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.27 Gb Total Space | 162.08 Gb Free Space | 56.62% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.80 Mb Free Space | 71.81% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBAC0C9-D525-4476-B106-C368A6D1B6B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{189198CC-2FAB-49EE-8B15-BB38511A621F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EF18A96-DFE0-42F3-91D0-A109B107B787}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2C74C322-C53B-45CE-A6F9-6A998FE4DCB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{557192BA-14E0-48A9-AEBA-F31BB820E339}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B35878F5-35ED-4CF2-9DFE-451DA6026524}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B48DCCB4-6AD6-4156-868C-E4BDD365DC91}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D22873BF-82C6-4DF8-99D7-17D28050ADE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E034272A-E4F4-4C0C-95B2-4F2EDAA7C049}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F51132CA-1855-450B-A878-B6DFD09B979E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF3AD14F-6267-4759-92A9-37B11E84695E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1839BF22-AE1A-4B40-BBBF-49A0B2DB7195}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{1A17D277-CC96-4FF4-B9E0-26F845669FB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3EAE6667-12A0-4F62-9ACB-B3F4B999EE98}" = protocol=17 | dir=in | app=c:\program files\origin games\command and conquer generals zero hour\generals.exe |
"{476EA97A-F3C8-4B00-AF8D-B57FA9509731}" = protocol=6 | dir=out | app=system |
"{4AEF305C-0E14-428D-9725-A82EAE532E97}" = protocol=6 | dir=in | app=c:\program files\origin games\command and conquer red alert 3\ra3launcher.exe |
"{4C167507-7335-49DC-BADF-1E3C7332234D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{5557E813-A952-444F-9E4C-B32112E43069}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5878F67E-EB1B-4C4E-9070-301278BF5181}" = protocol=17 | dir=in | app=c:\program files\origin games\command and conquer tiberian sun\tslauncher.exe |
"{5A337890-171B-4FB5-9B94-FFCBF7115E84}" = protocol=6 | dir=in | app=c:\program files\origin games\command and conquer generals zero hour\generals.exe |
"{5D947420-3394-473B-AD33-7985FF6DFFBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C709FE9-112A-48E0-A9EE-6623C1553FCD}" = protocol=6 | dir=in | app=c:\program files\origin games\command and conquer tiberian sun\tslauncher.exe |
"{7C815555-BFDA-4158-83BF-DA3B2958114D}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{80CE547A-302F-4696-AA7B-F70B29CC6472}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{918ACB67-67E1-4B7F-BC7B-EBCBA85B3556}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{96266721-585E-4628-A6CA-967CE37AC9D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3C147EB-6F82-4FD7-8D71-C191B7E83059}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{B41F52A8-E111-4A34-9603-5768FE5C7D00}" = protocol=17 | dir=in | app=c:\program files\origin games\command and conquer red alert 3\ra3launcher.exe |
"{B496FFE5-055D-4BBB-9365-06A1863A89D1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B991E059-0211-4F4D-B25E-12198D7075B3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0CBFB88-AA1F-425F-8AB0-D589D5D9CE7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C76B0E12-2A15-479D-9568-56EDACD59C1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8160768-2EDD-44F6-98D1-8B9E65BF8A7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8C8A7EE-CCF5-4296-BE88-36812117F868}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBE177D9-AB66-42BA-B980-EE15B4672306}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{DA7226FB-7914-4B83-84F3-B1FEEAE5EB37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA601FAA-EF5B-42F5-98C7-F69C6BAE8B6D}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{F4E3BDC9-62E7-4E6F-913D-2D2E5F0A8AFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{61FCB35C-4CC8-4A8D-BB72-F152E4E557C7}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{6BEC1F23-3F12-4779-AD65-1C84D807F9A1}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{DD28BFE6-B5E8-4752-BBC9-8866FC9A7632}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3BB9AD68-D601-486B-88C8-9E1AF7ED9F57}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{4C8E969D-120F-4D71-BCAA-0FFDEB21DBD7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F4A0B2D0-A6B1-477C-9DD4-370DEBAFB0BF}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12F4B10F-2B95-0D9B-ED71-296DA3C20F09}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A0582C-03C1-BB0A-EC77-22BC17A4A601}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29157928-F504-238C-47C7-5389C0F3D6BF}" = CCC Help Swedish
"{2B512D86-0BEE-1F51-FDB7-D414C0D6A40E}" = CCC Help Portuguese
"{2BEA2CA7-9B1B-E9E5-5235-FB725877F0DC}" = AMD Fuel
"{3A5D79AA-13D7-74FD-1850-E356528DE1A0}" = CCC Help Japanese
"{3C315BF7-4B64-4024-8102-174A197437FA}" = Command & Conquer™ Red Alert™ 3 and Uprising
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4082C4D2-9299-AECE-0116-B894D3898F2F}" = AMD VISION Engine Control Center
"{47836B39-2465-4F39-9D7E-52F70A1C3D72}" = Axis & Allies
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D7935EE-D2A1-0AB1-1172-83FFFCBEB37F}" = AMD Accelerated Video Transcoding
"{517FAF1E-3045-49DE-8079-107C2851389E}" = Command & Conquer™ Tiberian Sun™ and Firestorm™
"{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}" = Command & Conquer™: Generals and Zero Hour
"{63738E95-2626-0C13-B682-DCA526B3B3B8}" = CCC Help French
"{648B59AA-B9BF-CBB9-3123-DCEDF669534B}" = CCC Help Turkish
"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer
"{663E92C0-0141-0307-6F04-4465EE0002B2}" = CCC Help Italian
"{6879F7F5-E63B-3DCC-DF23-30C4703547D6}" = CCC Help Finnish
"{6B33D1AE-15A1-EBEC-95DF-92B11C404A3E}" = AMD Drag and Drop Transcoding
"{6EB88C92-7828-A799-7A87-AEAA798055FA}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8
"{7CFC3EF7-41DB-10A6-C7FC-92AD2778043F}" = CCC Help Chinese Traditional
"{8039009C-537D-E825-BB06-5AE8A250B1C1}" = ccc-utility
"{82284382-30E3-4DED-980B-746278DA6CC2}" = Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90287FB1-220B-C54D-9374-070F6BCEFF7C}" = CCC Help Norwegian
"{907F9C22-CD5B-2864-2FBB-6B1DFCEE0787}" = CCC Help Russian
"{92858613-6C37-1DBB-1DF6-2D2832FD5F2D}" = Catalyst Control Center Localization All
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942641F2-705E-3E66-5D39-BC3AFB476B3A}" = CCC Help Chinese Standard
"{95B90127-0B66-CE91-BFB7-CBA49AC39C0E}" = CCC Help Korean
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9FF01926-E64F-EBCB-CAB8-F8C005BE0A8B}" = CCC Help Polish
"{A1974D99-9FF0-9075-CBF4-F579D0717E84}" = CCC Help Thai
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A51500FE-6408-4305-B071-B961F691A4CE}" = Microsoft SQL Server Compact 4.0 Web Tools ENU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{ADDAFD3C-9143-49E6-81E1-354FF0DC566D}" = Microsoft Web Platform Installer 4.5
"{AE683B25-6D74-AE98-F9A9-E07FB9EF5B62}" = CCC Help English
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B51C71F3-FA38-627E-1BDD-57831EB4F259}" = CCC Help German
"{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}" = WestwoodOnline
"{cb29be6c-39c4-493e-9da7-d585d5353714}" = Microsoft ASP.NET Web Pages 2
"{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{CF45E5AA-4F5D-1188-CAA6-C2DE5ABBB389}" = Catalyst Control Center InstallProxy
"{D56B4299-B2B4-4822-ED77-945B0CCF2192}" = CCC Help Greek
"{D6930099-BDDA-A5BA-16E0-291C0A6899C9}" = CCC Help Danish
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{E09D83E8-40D2-5E4E-2138-77B6022F6049}" = CCC Help Spanish
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E2F7EB9D-B814-1474-86AB-69BA1872CE1A}" = CCC Help Hungarian
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB11AC97-E48F-13E8-812E-1EAD76AF3146}" = AMD Catalyst Install Manager
"{FBDC5D50-2F10-14AA-DA3D-6E999F0642D8}" = AMD Media Foundation Decoders
"AC3Filter_is1" = AC3Filter 1.63b
"Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blood" = Blood
"CCleaner" = CCleaner
"DivX Setup" = DivX Setup
"GIMP-2_is1" = GIMP 2.8.6
"hosts" = hosts
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PokerStars" = PokerStars
"Scribus 1.4.2" = Scribus 1.4.2
"Star Trek Armada II" = Star Trek Armada II
"uTorrent" = µTorrent
"VDMSound" = VDMSound
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 2.0.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2011 1:40:52 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/25/2011 1:50:53 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/25/2011 2:00:55 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/25/2011 2:32:26 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/25/2011 3:03:10 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/25/2011 8:50:25 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/25/2011 8:50:25 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/25/2011 8:53:06 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/25/2011 8:54:33 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is > ? ??. The first DWORD in the
Data section contains the index value to the malformed string while the second
and third DWORDs in the Data section contain the last valid index values.

Error - 11/25/2011 9:03:12 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 5/29/2010 3:51:56 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 3:51:55 PM - Error connecting to the internet. 3:51:55 PM - Unable
to contact server..

Error - 5/29/2010 4:52:00 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 4:52:00 PM - Error connecting to the internet. 4:52:00 PM - Unable
to contact server..

Error - 5/29/2010 4:52:07 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 4:52:05 PM - Error connecting to the internet. 4:52:05 PM - Unable
to contact server..

Error - 5/30/2010 9:18:45 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 9:18:45 AM - Error connecting to the internet. 9:18:45 AM - Unable
to contact server..

Error - 5/30/2010 9:18:56 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 9:18:50 AM - Error connecting to the internet. 9:18:50 AM - Unable
to contact server..

Error - 5/30/2010 6:19:03 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:19:02 PM - Error connecting to the internet. 6:19:02 PM - Unable
to contact server..

Error - 5/30/2010 6:19:09 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:19:08 PM - Error connecting to the internet. 6:19:08 PM - Unable
to contact server..

Error - 6/8/2010 5:02:13 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 5:02:13 PM - Error connecting to the internet. 5:02:13 PM - Unable
to contact server..

Error - 6/8/2010 5:02:23 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 5:02:18 PM - Error connecting to the internet. 5:02:18 PM - Unable
to contact server..

Error - 6/22/2010 8:26:49 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 8:26:49 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 9/27/2013 9:50:31 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/27/2013 9:50:31 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/27/2013 9:52:37 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/27/2013 9:52:37 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/27/2013 9:52:37 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/27/2013 9:54:35 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/27/2013 9:55:23 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/27/2013 9:55:28 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/27/2013 9:55:35 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/27/2013 10:16:50 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >

Thanks for having a look!

#2
Essexboy

Hi, could you attach the main OTL log please?

#3
buttsy

Sorry about that! Need to pay more attention to what I'm doing!

Here's the OTL log

OTL logfile created on: 9/27/2013 10:08:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.17% Memory free
6.00 Gb Paging File | 4.53 Gb Available in Paging File | 75.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.27 Gb Total Space | 162.08 Gb Free Space | 56.62% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.80 Mb Free Space | 71.81% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/27 10:08:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/09/27 09:58:31 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Owner\Downloads\rkill(2).com
PRC - [2013/09/11 19:58:38 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/08/18 00:21:58 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/01 20:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/13 11:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 11:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/08/08 08:31:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/21 05:30:16 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/21 05:30:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/21 05:29:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/06/11 13:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/06/11 13:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/06/11 13:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/12 03:25:33 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/12 03:25:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/11 19:58:38 | 016,177,544 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/08/18 00:21:58 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/14 03:37:40 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\03dc83fbe48384390aed7a455e949789\WindowsFormsIntegration.ni.dll
MOD - [2013/08/14 03:35:30 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/08/14 03:30:57 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
MOD - [2013/08/14 03:30:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/14 03:30:29 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 03:30:26 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
MOD - [2013/08/14 03:30:12 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/14 03:30:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 03:29:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/14 03:29:55 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 03:39:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 03:36:16 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/02/12 22:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/08/10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/06/11 13:11:04 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012/06/11 12:45:06 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/09 10:55:02 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Services (SafeList) ==========

SRV - [2013/09/20 05:56:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/18 00:21:58 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/21 05:30:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/21 05:29:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 13:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/06/11 13:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/04/12 13:32:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2013/11/19 13:28:05 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\hSONYPVh.sys -- (hSONYPVh)
DRV - [2012/07/21 05:30:16 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/21 05:30:16 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/21 05:30:16 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/07/21 05:30:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/06/11 14:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/06/11 12:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/05/14 02:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/03/05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/12 14:13:15 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/04/12 14:13:13 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/04/03 06:39:58 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.149/login
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 AD 07 DB 65 DA CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.tsn.ca/nhl/"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: 05dd836e-2cbd-4204-9ff3-2f8a8665967d%40a8876730-fb0c-4057-a2fc-f9c09d438e81.com:0.92.52
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17748B16-987B-4E31-AF4A-BD09B020773A}: C:\Windows\system32\config\systemprofile\AppData\Local\{17748B16-987B-4E31-AF4A-BD09B020773A}\ [2011/03/27 08:30:12 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/21 21:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/18 00:21:53 | 000,000,000 | ---D | M]

[2011/05/18 17:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/09/26 19:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions
[2013/08/28 07:35:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/28 10:59:43 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
[2013/09/24 10:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData
[2013/09/24 10:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins
[2013/09/24 10:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode
[2013/08/18 00:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/18 00:21:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/21 21:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\crossrider
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC987070-9756-4144-9FAA-A3FD37A39B0D}: DhcpNameServer = 192.168.5.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC987070-9756-4144-9FAA-A3FD37A39B0D}: NameServer = 208.67.222.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/26 20:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2013/09/26 18:38:48 | 000,000,000 | ---D | C] -- C:\dosprogs
[2013/09/26 18:36:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DOSBox
[2013/09/26 18:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2013/09/26 18:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2013/09/26 18:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\VDMSound
[2013/09/26 17:31:16 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2013/09/26 17:30:25 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2013/09/22 00:28:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\A&A
[2013/09/22 00:28:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/09/22 00:27:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2013/09/22 00:14:20 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/09/22 00:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
[2013/09/15 03:00:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/14 05:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\WestwoodOnline
[2013/09/14 00:48:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Command and Conquer Generals Zero Hour Data
[2013/09/14 00:48:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Command and Conquer Generals Data
[2010/12/17 13:14:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/09/27 10:12:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1079428705-2398535013-2269741918-1000UA.job
[2013/09/27 10:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/27 10:02:20 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/27 10:02:19 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/27 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job
[2013/09/27 09:55:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/27 09:54:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/27 09:54:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/27 09:54:13 | 2414,628,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/27 09:19:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job
[2013/09/27 02:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job
[2013/09/27 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job
[2013/09/27 00:51:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job
[2013/09/26 23:03:14 | 000,000,911 | ---- | M] () -- C:\Windows\STA2.ini
[2013/09/26 23:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At26.job
[2013/09/26 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At25.job
[2013/09/26 21:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job
[2013/09/26 20:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job
[2013/09/26 19:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job
[2013/09/26 18:36:26 | 000,001,872 | ---- | M] () -- C:\DOSBox 0.74.lnk
[2013/09/26 18:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job
[2013/09/26 17:30:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/09/26 17:30:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/09/26 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job
[2013/09/26 16:12:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1079428705-2398535013-2269741918-1000Core.job
[2013/09/26 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job
[2013/09/26 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job
[2013/09/26 14:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job
[2013/09/26 13:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job
[2013/09/26 12:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job
[2013/09/26 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job
[2013/09/26 08:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job
[2013/09/26 07:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job
[2013/09/26 06:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job
[2013/09/26 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job
[2013/09/26 04:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job
[2013/09/26 03:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job
[2013/09/26 03:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
[2013/09/26 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job
[2013/09/24 12:50:20 | 001,760,511 | ---- | M] () -- C:\Users\Owner\Documents\Layout.png
[2013/09/24 12:50:20 | 000,002,071 | ---- | M] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2013/09/24 12:49:58 | 000,198,880 | ---- | M] () -- C:\Users\Owner\Documents\Layout.xcf
[2013/09/22 01:19:04 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2013/09/12 03:23:14 | 000,294,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/09/26 22:55:38 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2013/09/26 18:36:26 | 000,001,872 | ---- | C] () -- C:\DOSBox 0.74.lnk
[2013/09/26 17:30:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/09/26 17:30:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/09/24 12:50:20 | 000,002,071 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2013/09/24 12:47:46 | 001,760,511 | ---- | C] () -- C:\Users\Owner\Documents\Layout.png
[2013/09/22 00:28:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2013/09/19 20:10:00 | 000,198,880 | ---- | C] () -- C:\Users\Owner\Documents\Layout.xcf
[2013/07/20 00:05:45 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012/08/25 21:42:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/06/11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/06/11 12:41:48 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/06/11 12:41:48 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/04/12 15:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/01/13 07:38:00 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{BCEF0C80-E506-4A51-A8FC-C8E5AEA1691C}
[2011/12/09 06:36:35 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{8C1086E1-3A15-4CF0-ABAA-C15CE6FA5352}
[2011/10/19 17:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{49CD31A0-8C7A-46FE-8C80-AE667B41D804}
[2011/10/09 23:30:43 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{1DD6734E-5194-402C-B75E-6075C55E72A2}
[2011/09/27 07:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{A6F04FDF-D155-4A2F-89C2-658BBE4CF54A}
[2011/09/14 16:21:45 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{4F2AC369-D76A-4AF3-ACC9-37C7925F09FC}
[2011/09/13 15:59:20 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{79295C58-5F20-4A05-9827-30C6D5751F7B}
[2011/09/05 10:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{4BF1A340-9B4D-4862-B66E-E68E917414F3}
[2011/09/03 07:07:33 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{266E8D8E-BEDB-4B53-BAEE-6283449D939B}
[2011/09/02 00:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{1DC86474-78C9-4510-9BC0-08E2337A2245}
[2011/08/12 10:05:42 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{65BE3204-EDE3-445B-A158-4907E480A460}
[2011/07/17 15:34:22 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{ACB63234-3EF7-4E6A-80A5-8F9BC46D81B0}
[2011/06/12 18:30:19 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{A1ECEB6A-E2A2-42ED-8CE4-036EAC3B3796}
[2011/05/25 15:50:56 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{82721AEF-0A41-4C7B-B9E1-29ACA198249A}
[2011/05/20 14:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{99AB445B-C660-4BEC-96CD-BBED1163A506}
[2011/03/27 08:31:01 | 000,000,112 | ---- | C] () -- C:\ProgramData\1VjM2R.dat
[2010/12/17 13:14:37 | 000,087,608 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe
[2010/12/17 13:14:37 | 000,007,887 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2010/12/17 13:14:37 | 000,001,144 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2010/12/17 13:08:28 | 000,001,057 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/29 19:28:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2013/07/16 19:05:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2013/05/25 01:45:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KompoZer
[2013/09/22 00:27:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/12/11 14:38:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Local
[2012/12/03 21:38:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2013/05/09 04:15:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/08/01 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
[2010/12/11 18:43:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Raptr
[2013/07/19 14:09:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Red Alert 3
[2013/05/25 01:42:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Scribus
[2011/03/22 15:03:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Supermarket Mania 2
[2013/09/19 21:55:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2013/07/16 19:05:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso

========== Purity Check ==========



< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this OTL run, could you run a further MBAM quick scan and post the resultant log, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
DRV - [2013/11/19 13:28:05 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\hSONYPVh.sys -- (hSONYPVh)
FF - prefs.js..extensions.enabledAddons: 05dd836e-2cbd-4204-9ff3-2f8a8665967d%40a8876730-fb0c-4057-a2fc-f9c09d438e81.com:0.92.52
[2013/09/24 10:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData
[2013/09/24 10:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins
[2013/09/24 10:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode
[2013/08/28 10:59:43 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.

:Files
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa
C:\Windows\tasks\At*.job

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
buttsy

    Member

  • Topic Starter
  • 10 posts
Here's the OTL and MBAM logs

OTL logfile created on: 10/4/2013 8:07:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 73.38% Memory free
6.00 Gb Paging File | 4.89 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.27 Gb Total Space | 186.79 Gb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.80 Mb Free Space | 71.81% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/27 10:08:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/08/01 20:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/08 08:31:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/21 05:30:16 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/21 05:30:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/21 05:29:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/06/11 13:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/06/11 13:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/06/11 13:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/12 03:25:33 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/12 03:25:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 03:37:40 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\03dc83fbe48384390aed7a455e949789\WindowsFormsIntegration.ni.dll
MOD - [2013/08/14 03:35:30 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/08/14 03:30:57 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
MOD - [2013/08/14 03:30:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/14 03:30:29 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 03:30:26 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
MOD - [2013/08/14 03:30:12 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/14 03:30:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 03:29:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/14 03:29:55 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 03:39:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 03:36:16 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/06/11 13:11:04 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012/06/11 12:45:06 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/09 10:55:02 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2013/09/20 05:56:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/21 05:30:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/21 05:29:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/06/11 13:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/06/11 13:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/04/12 13:32:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2012/07/21 05:30:16 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/21 05:30:16 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/21 05:30:16 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/07/21 05:30:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/06/11 14:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/06/11 12:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/05/14 02:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/03/05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/12 14:13:15 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/04/12 14:13:13 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/04/03 06:39:58 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.149/login
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 AD 07 DB 65 DA CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17748B16-987B-4E31-AF4A-BD09B020773A}: C:\Windows\system32\config\systemprofile\AppData\Local\{17748B16-987B-4E31-AF4A-BD09B020773A}\ [2011/03/27 08:30:12 | 000,000,000 | -H-D | M]

[2011/05/18 17:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/10/04 19:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions
[2013/08/28 07:35:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncnjueqp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/10/01 21:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/01 21:14:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCNJUEQP.DEFAULT\EXTENSIONS\[email protected]09D438E81.COM

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\

Hosts file not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC987070-9756-4144-9FAA-A3FD37A39B0D}: DhcpNameServer = 192.168.5.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC987070-9756-4144-9FAA-A3FD37A39B0D}: NameServer = 208.67.222.222
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/04 19:42:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/04 11:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/04 11:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/04 10:33:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Systweak
[2013/10/04 10:32:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Lollipop
[2013/10/01 21:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/27 11:08:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2013/09/26 20:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2013/09/26 18:36:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DOSBox
[2013/09/26 18:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2013/09/26 18:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2013/09/26 18:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\VDMSound
[2013/09/26 17:31:16 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2013/09/26 17:30:47 | 000,000,000 | ---D | C] -- C:\blood
[2013/09/26 17:30:25 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2013/09/22 00:28:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/09/22 00:27:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2013/09/14 00:48:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Command and Conquer Generals Zero Hour Data
[2013/09/14 00:48:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Command and Conquer Generals Data
[2010/12/17 13:14:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/10/04 20:00:26 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 20:00:26 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 19:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/04 19:52:39 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/04 19:52:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/04 19:52:27 | 000,268,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/04 19:51:31 | 2414,628,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/04 19:13:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/04 15:34:55 | 000,087,608 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\inst.exe
[2013/10/04 15:34:55 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys
[2013/10/04 15:34:55 | 000,007,887 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2013/10/04 15:34:55 | 000,001,144 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2013/09/27 10:57:43 | 000,002,701 | ---- | M] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2013/09/26 18:36:26 | 000,001,872 | ---- | M] () -- C:\DOSBox 0.74.lnk
[2013/09/26 17:30:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/09/26 17:30:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/09/24 12:50:20 | 001,760,511 | ---- | M] () -- C:\Users\Owner\Documents\Layout.png
[2013/09/24 12:49:58 | 000,198,880 | ---- | M] () -- C:\Users\Owner\Documents\Layout.xcf
[2013/09/22 01:19:04 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll

========== Files Created - No Company Name ==========

[2013/09/27 10:57:43 | 000,002,701 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2013/09/26 18:36:26 | 000,001,872 | ---- | C] () -- C:\DOSBox 0.74.lnk
[2013/09/26 17:30:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/09/26 17:30:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/09/24 12:47:46 | 001,760,511 | ---- | C] () -- C:\Users\Owner\Documents\Layout.png
[2013/09/22 00:28:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2013/09/19 20:10:00 | 000,198,880 | ---- | C] () -- C:\Users\Owner\Documents\Layout.xcf
[2013/07/20 00:05:45 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012/08/25 21:42:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/06/11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/06/11 12:41:48 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/06/11 12:41:48 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/04/12 15:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/01/13 07:38:00 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{BCEF0C80-E506-4A51-A8FC-C8E5AEA1691C}
[2011/12/09 06:36:35 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{8C1086E1-3A15-4CF0-ABAA-C15CE6FA5352}
[2011/10/19 17:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{49CD31A0-8C7A-46FE-8C80-AE667B41D804}
[2011/10/09 23:30:43 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{1DD6734E-5194-402C-B75E-6075C55E72A2}
[2011/09/27 07:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{A6F04FDF-D155-4A2F-89C2-658BBE4CF54A}
[2011/09/14 16:21:45 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{4F2AC369-D76A-4AF3-ACC9-37C7925F09FC}
[2011/09/13 15:59:20 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{79295C58-5F20-4A05-9827-30C6D5751F7B}
[2011/09/05 10:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{4BF1A340-9B4D-4862-B66E-E68E917414F3}
[2011/09/03 07:07:33 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{266E8D8E-BEDB-4B53-BAEE-6283449D939B}
[2011/09/02 00:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{1DC86474-78C9-4510-9BC0-08E2337A2245}
[2011/08/12 10:05:42 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{65BE3204-EDE3-445B-A158-4907E480A460}
[2011/07/17 15:34:22 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{ACB63234-3EF7-4E6A-80A5-8F9BC46D81B0}
[2011/06/12 18:30:19 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{A1ECEB6A-E2A2-42ED-8CE4-036EAC3B3796}
[2011/05/25 15:50:56 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{82721AEF-0A41-4C7B-B9E1-29ACA198249A}
[2011/05/20 14:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{99AB445B-C660-4BEC-96CD-BBED1163A506}
[2011/03/27 08:31:01 | 000,000,112 | ---- | C] () -- C:\ProgramData\1VjM2R.dat
[2010/12/17 13:14:37 | 000,087,608 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe
[2010/12/17 13:14:37 | 000,007,887 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2010/12/17 13:14:37 | 000,001,144 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2010/12/17 13:08:28 | 000,001,057 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/29 19:28:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2013/07/16 19:05:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2013/05/25 01:45:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KompoZer
[2013/09/22 00:27:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/12/11 14:38:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Local
[2012/12/03 21:38:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2013/05/09 04:15:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/10/04 15:54:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
[2010/12/11 18:43:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Raptr
[2013/07/19 14:09:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Red Alert 3
[2013/05/25 01:42:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Scribus
[2011/03/22 15:03:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Supermarket Mania 2
[2013/10/04 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Systweak
[2013/10/04 15:34:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso

========== Purity Check ==========



< End of report >

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.04.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Owner :: OWNER-PC [administrator]

04/10/2013 7:55:04 PM
MBAM-log-2013-10-04 (20-04-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192660
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} (Adware.Whilokii) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} (Adware.Whilokii) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#7
buttsy

    Member

  • Topic Starter
  • Member
  • 10 posts
Everything seems to be hunky-dory. Thanks very much! I'll post the junkware log if I actually get the chance to do it.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The JRT programme will remove any final traces of it. Once you are done I will remove my tools and tidy up :)

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





