Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possibly Infected, unnecessarily slow at times.

Started by JustTrevor , Oct 31 2013 02:04 AM

  • Please log in to reply

#1
JustTrevor
Posted 31 October 2013 - 02:04 AM

JustTrevor

    Member

  • Member
  • PipPip
  • 12 posts
So a good buddy of mine let me borrow his old, spare laptop due to mine breaking due to some hardware failures (and I didn't want to waste money fixing it) but I think he may have given it to me infected. Now the laptop is rather old and hardware wise its not that great but somethings just seem so unnecessarily slow its ridiculous and odd to say the least. Things such as right clicking on the desktop sometimes taking 3-15seconds, same thing when clicking the start button, basic web pages like facebook freezing the computer for a good 30 seconds before properly loading, small folders freezing or going unresponsive when opening (like downloads folders) or even shutting the computer down can sometimes take far longer than it should. Things of this nature.

I ended up taking a look at his installed programs and noticed he had a lot of of those 3rd party crappy programs you get from downloading something else and not unchecking the random boxes (and a few programs I didn't even recognize). I don't know if these are the problems or something else entirely. So I came here to see if there was anything else lingering.

Thanks for your time and help.

OTL quickscan file:


OTL logfile created on: 10/30/2013 9:38:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\T\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 60.26% Memory free
7.27 Gb Paging File | 6.03 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): c:\pagefile.sys 4600 6600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.21 Gb Total Space | 94.15 Gb Free Space | 65.29% Space Free | Partition Type: NTFS
Drive D: | 4.82 Gb Total Space | 4.72 Gb Free Space | 97.83% Space Free | Partition Type: FAT32

Computer Name: ROSCO-PC | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/30 21:37:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T\Desktop\OTL.exe
PRC - [2013/10/14 15:14:25 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/10/08 14:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/08/12 10:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/07 20:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/22 08:18:52 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe
PRC - [2013/03/25 05:20:50 | 000,520,360 | ---- | M] (iWin Inc.) -- C:\Program Files\Pogo Games\PGMTrusted.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/08 14:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 14:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 14:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 14:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 14:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 14:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV - [2013/10/14 15:14:25 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/10/08 16:22:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/07 20:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/04/22 08:18:52 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013/03/25 05:20:50 | 000,520,360 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
SRV - [2010/02/20 13:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/04/10 20:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/11/04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2013/08/06 16:31:26 | 000,011,552 | ---- | M] (Glarysoft Ltd) [Kernel | On_Demand | Running] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/03/15 07:44:48 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/05/14 08:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009/04/10 18:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/11/04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/09/18 03:14:44 | 000,251,392 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/26 16:23:12 | 000,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/01/20 16:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2008/01/20 16:23:02 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/01 21:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2005/11/14 13:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {01e86e69-a2f8-48a0-b068-83869bdba3d0} - C:\Program Files\VisualBee_V.9\prxtbVis0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files\MixiDJ_V45\prxtbMix0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-598869867-4264938955-1491418867-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-598869867-4264938955-1491418867-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-598869867-4264938955-1491418867-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 05 5B 09 AD 8E CE 01 [binary data]
IE - HKU\S-1-5-21-598869867-4264938955-1491418867-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-598869867-4264938955-1491418867-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NDKB_enUS521
IE - HKU\S-1-5-21-598869867-4264938955-1491418867-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: c:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: c:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)


[2013/07/25 04:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://www.search.as...q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Acrobat3\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Disabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Disabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\25.60699_0\
CHR - Extension: Google Docs = C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Google Search = C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (VisualBee V.9 Toolbar) - {01e86e69-a2f8-48a0-b068-83869bdba3d0} - C:\Program Files\VisualBee_V.9\prxtbVis0.dll (Conduit Ltd.)
O2 - BHO: (hosts) - {11111111-1111-1111-1111-110311531182} - C:\Program Files\hosts\hosts-bho.dll (Alex)
O2 - BHO: (Coupon Server) - {11111111-1111-1111-1111-110311581152} - C:\Program Files\Coupon Server\Coupon Server-bho.dll (Innovative Apps)
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Rosco\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (MixiDJ V45 Toolbar) - {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files\MixiDJ_V45\prxtbMix0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (VisualBee V.9 Toolbar) - {01e86e69-a2f8-48a0-b068-83869bdba3d0} - C:\Program Files\VisualBee_V.9\prxtbVis0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MixiDJ V45 Toolbar) - {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files\MixiDJ_V45\prxtbMix0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-598869867-4264938955-1491418867-1003\..\Toolbar\WebBrowser: (VisualBee V.9 Toolbar) - {01E86E69-A2F8-48A0-B068-83869BDBA3D0} - C:\Program Files\VisualBee_V.9\prxtbVis0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-598869867-4264938955-1491418867-1003\..\Toolbar\WebBrowser: (WhiteSmoke New Toolbar) - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-598869867-4264938955-1491418867-1003\..\Toolbar\WebBrowser: (MixiDJ V45 Toolbar) - {D2CF9842-AF95-48CD-B873-BFBB48CD7F5E} - C:\Program Files\MixiDJ_V45\prxtbMix0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4BE43AF-278C-44F2-9144-9860E01511D5}: DhcpNameServer = 192.168.200.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 19:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{37c53c14-77ca-11e2-b28c-00238b48e0fc}\Shell - "" = AutoRun
O33 - MountPoints2\{37c53c14-77ca-11e2-b28c-00238b48e0fc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/30 21:37:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\T\Desktop\OTL.exe
[2013/10/25 09:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/10/25 09:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2013/10/25 09:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/25 09:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/25 09:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/23 22:18:24 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\GlarySoft
[2013/10/13 15:28:13 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
[2013/10/03 12:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/10/03 12:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2013/10/30 21:37:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T\Desktop\OTL.exe
[2013/10/30 21:34:59 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job
[2013/10/30 21:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/30 21:06:10 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/10/30 21:05:33 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 21:05:32 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 21:05:23 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/30 21:05:07 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/30 21:05:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/10/30 21:04:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/30 20:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/28 18:37:01 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/28 18:37:00 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/28 00:03:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/15 15:31:13 | 000,000,000 | ---- | M] () -- C:\END
[2013/10/15 06:48:22 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/03 12:25:29 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013/10/03 12:25:29 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/23 22:39:25 | 000,000,680 | ---- | C] () -- C:\Users\T\AppData\Local\d3d9caps.dat
[2013/07/25 23:26:11 | 000,019,744 | ---- | C] () -- C:\Windows\System32\RegBootDefrag.exe
[2013/03/03 17:51:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/03/03 17:51:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/02/04 09:44:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/11/13 15:43:38 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/11/13 15:43:36 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 07:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 20:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 20:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/12 23:47:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Glarysoft
[2013/07/27 08:33:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SearchProtect
[2013/08/13 00:29:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Windows Live Writer
[2013/07/25 23:53:01 | 000,000,000 | ---D | M] -- C:\Users\Rosco\AppData\Roaming\BabSolution
[2013/07/25 04:36:52 | 000,000,000 | ---D | M] -- C:\Users\Rosco\AppData\Roaming\Babylon
[2013/07/16 17:00:28 | 000,000,000 | ---D | M] -- C:\Users\Rosco\AppData\Roaming\GlarySoft
[2013/03/27 11:20:22 | 000,000,000 | ---D | M] -- C:\Users\Rosco\AppData\Roaming\OnlineVault
[2013/03/27 11:20:28 | 000,000,000 | ---D | M] -- C:\Users\Rosco\AppData\Roaming\PCPowerSpeed
[2013/07/24 13:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rosco\AppData\Roaming\player
[2013/07/27 03:17:37 | 000,000,000 | ---D | M] -- C:\Users\Rosco\AppData\Roaming\SearchProtect
[2013/09/17 03:02:08 | 000,000,000 | ---D | M] -- C:\Users\Rosco\AppData\Roaming\Spotify
[2013/09/27 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\.minecraft
[2013/10/23 22:18:24 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\GlarySoft
[2013/07/27 08:29:52 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\SearchProtect
[2013/08/29 21:42:34 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\SystemRequirementsLab

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >



OTL Extras report


OTL Extras logfile created on: 10/30/2013 9:38:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\T\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 60.26% Memory free
7.27 Gb Paging File | 6.03 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): c:\pagefile.sys 4600 6600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.21 Gb Total Space | 94.15 Gb Free Space | 65.29% Space Free | Partition Type: NTFS
Drive D: | 4.82 Gb Total Space | 4.72 Gb Free Space | 97.83% Space Free | Partition Type: FAT32

Computer Name: ROSCO-PC | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-598869867-4264938955-1491418867-1000]
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0392F4CD-8F1C-446A-B01E-80C1776A2E99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{06FDD7FF-F702-44D9-A047-7DA40B592BB0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1186D64E-F21C-483A-B8F4-912F0C8161BF}" = lport=137 | protocol=17 | dir=in | app=system |
"{175D4CBF-B3B2-44F0-A03C-40AD3553BD3E}" = lport=445 | protocol=6 | dir=in | app=system |
"{19B84BE8-D1E5-4C49-84CF-04771AEF43C4}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{1BB6D9FE-0B82-47ED-9549-052E918B4F96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{247664C8-6FD4-4E61-9E78-BD241665EAA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2E2615DF-1C10-4BF9-B32B-A3A05D8CDAED}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{37341C6D-7F74-41A7-9155-2B8892AEAED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3759143D-E2E8-453A-B4F0-5524E2B66B6E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38A9AA8D-134C-47C0-88EF-C0BB525CACE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{47F63127-B691-47BB-9EA8-6C64F05987C3}" = rport=445 | protocol=6 | dir=out | app=system |
"{62082A64-68E3-4BA5-B725-F3DEE8CAA160}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{66108294-CC47-45C8-9E27-48424C228102}" = lport=139 | protocol=6 | dir=in | app=system |
"{80E6BE8B-E78F-48A2-8834-84FC22B32872}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{8279608E-88DA-4078-A6F8-BEEDA7E282FD}" = rport=139 | protocol=6 | dir=out | app=system |
"{8884BDB7-1058-4100-8971-4E46B2F03DB9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{9A4FEA26-08AB-45DB-A64E-2A50FF03A0CE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{C02122B6-0C59-48F1-8750-394443538CB3}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{D552871B-5043-4A64-8C13-A7FCDFBE04E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E26DBCB4-78A4-4381-A320-E957009A2030}" = lport=138 | protocol=17 | dir=in | app=system |
"{E8CA52D6-3B71-41F2-A5B8-E6101E607E00}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE8AF40B-0C9D-4D86-81C6-AD7790D6FAAC}" = rport=138 | protocol=17 | dir=out | app=system |
"{F0737BBA-0BE4-4BE1-ACA2-D958A01D43D5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FC49B697-EA8B-4169-BE59-115832AE2173}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05130E3F-4755-4914-9187-C235BC7A80D6}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{1105D7D7-BFB6-4499-94A7-453284097F7E}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{1202830A-EAC0-471E-B01A-9D08794F516F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{132E1DBE-555B-4119-9B77-150042EBADC3}" = protocol=17 | dir=in | app=c:\program files\pogo games\pogodgc.exe |
"{1A09B301-B825-4E1F-831A-F6391D58AE5A}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{1D00346C-7B89-496A-858B-448D6885FF8B}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{2A47AD38-16AD-4285-8275-BC27540A10B0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2AEF56CA-4D1E-456A-A412-26F8B0300C5F}" = protocol=58 | dir=out | [email protected],-28546 |
"{2D3751A0-1EA2-4AE3-B74D-352636AFD47A}" = protocol=6 | dir=in | app=c:\program files\pogo games\pogodgc.exe |
"{2DEEE9FD-581C-4927-B506-7A0B20139EEC}" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{31C50A7E-C75F-489C-B76C-41BDAEA68795}" = protocol=58 | dir=in | [email protected],-28545 |
"{3287ABA2-694A-4179-B033-5A853EB7DF07}" = protocol=17 | dir=out | app=c:\users\t\appdata\local\warframe\downloaded\public\warframe.exe |
"{3550DDDC-0B98-41BD-B588-9431EA9C7DBC}" = protocol=17 | dir=in | app=c:\users\t\appdata\local\warframe\downloaded\public\warframe.exe |
"{3EA65A5E-F888-463D-BB7B-E3A406F1C861}" = protocol=1 | dir=in | [email protected],-28543 |
"{42512F4C-EA0C-4C46-8673-5FE3FF4552A5}" = protocol=6 | dir=out | app=system |
"{436F3600-65B2-428B-94C8-D7152EDCD936}" = protocol=6 | dir=out | app=c:\users\t\appdata\local\warframe\downloaded\public\tools\remotecrashsender.exe |
"{466A79B3-9CA2-4930-81E2-583504AB479F}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{467FA57E-8124-4579-B9C6-2FED32D163B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D570EFF-67A9-4CDB-BF15-7E6142C70B4B}" = protocol=6 | dir=out | app=c:\users\t\appdata\local\warframe\downloaded\public\warframe.exe |
"{69E4E3A9-0B14-4421-A85E-C6C160D7F0FD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{71B15798-129E-4CCF-8325-662B37BDB16F}" = protocol=17 | dir=in | app=c:\program files\pogo games\webupdater.exe |
"{85737291-0EA9-4253-AB8B-20F3F3FF8C84}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85E9FE8A-777E-4137-B0D5-32C8574D9EC0}" = protocol=17 | dir=in | app=c:\program files\pogo games\pogodgc.exe |
"{870AFFD1-F295-45DD-8D7D-46B43AEE0479}" = protocol=6 | dir=out | app=c:\users\t\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{8D004390-737E-47D8-84CB-D64450C151C7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{8DDA6B4C-6386-4BD7-B578-58F4CCA9D47A}" = protocol=17 | dir=out | app=c:\users\t\appdata\local\warframe\downloaded\public\warframe.exe |
"{94C8223F-87DB-44E8-9528-85FECF03A86D}" = protocol=6 | dir=out | app=c:\users\t\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{9C9059CE-4F8A-422A-AEDD-67C5D1379A12}" = protocol=1 | dir=out | [email protected],-28544 |
"{B6FD0C87-305A-4ACA-B9C3-09B237FE0C4F}" = protocol=6 | dir=in | app=c:\program files\pogo games\pogodgc.exe |
"{BFEB8555-0562-4A9E-B341-B13B2F79CABA}" = protocol=6 | dir=out | app=c:\users\t\appdata\local\warframe\downloaded\public\warframe.exe |
"{C1B972E1-0A80-4AC6-A4F9-AE4988DE0F6F}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{C621E957-0B48-4DF4-AF96-D4EEC6E4D0C6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E0F7E863-AB7B-4321-83A2-1CCF3A8A875A}" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{E18F3C68-9766-406C-8FF8-D5CC1146438B}" = protocol=17 | dir=out | app=c:\users\t\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{E511712E-7919-4F2C-B006-CA11611C5F4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9003816-0813-467F-B7DD-50C4012C0B11}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EC15F3D0-D29D-44D7-8E72-FA014BB2C6BE}" = protocol=6 | dir=out | app=c:\users\t\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{F64BC326-DAE0-49AB-9B12-99667C15434F}" = protocol=17 | dir=in | app=c:\users\t\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{F79C82CD-21DA-49FF-B3C0-7EF0C230A274}" = protocol=6 | dir=in | app=c:\program files\pogo games\webupdater.exe |
"{F9EA74DA-FF3E-45B0-ACAE-6A9B4ED51C82}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{FA3ED778-BA60-4C3F-9074-4294E0EB7452}" = protocol=17 | dir=in | app=c:\users\t\appdata\local\warframe\downloaded\public\warframe.exe |
"TCP Query User{63489769-A7A8-401C-B6B4-64CE8577A00F}C:\users\rosco\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rosco\appdata\roaming\spotify\spotify.exe |
"TCP Query User{75496244-83C8-4B2F-B290-DAE7C671C991}C:\users\rosco\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rosco\appdata\roaming\spotify\spotify.exe |
"UDP Query User{89A40A6F-8718-439A-A1D8-6296653928B9}C:\users\rosco\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rosco\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B9A1BCF9-8E5D-439D-9031-7174813779F0}C:\users\rosco\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rosco\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1" = FLV Media Player version 1.3
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{4F524A2D-5637-006A-76A7-A758B70C0600}" = Ask Toolbar
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97FFE5B0-D264-45A7-A7E0-758C7B488F73}" = Warframe
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Server" = Coupon Server
"F5E2C08F5DFFC049AF4EA7617C2ADBBCB8CA8D78" = Windows Driver Package - Intel (NETw5v32) net (05/14/2009 12.4.1.11)
"Glary Utilities 3" = Glary Utilities 3.8
"Google Chrome" = Google Chrome
"hosts" = hosts
"Jewel Match: Winter Wonderland" = Jewel Match: Winter Wonderland
"LessTabs" = LessTabs
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MixiDJ_V45 Toolbar" = MixiDJ V45 Toolbar
"PogoDGC" = Pogo Games
"SearchProtect" = Search Protect by conduit
"VisualBee_V.9 Toolbar" = VisualBee V.9 Toolbar
"VLC media player" = VLC media player 2.0.6
"Wajam" = Wajam
"WhiteSmoke_New Toolbar" = WhiteSmoke New Toolbar
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2013 7:31:14 PM | Computer Name = Rosco-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2013 6:28:06 AM | Computer Name = Rosco-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2013 6:37:38 AM | Computer Name = Rosco-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2013 9:43:17 AM | Computer Name = Rosco-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2013 7:28:10 PM | Computer Name = Rosco-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/29/2013 8:11:22 PM | Computer Name = Rosco-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2013 9:43:39 AM | Computer Name = Rosco-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2013 8:21:57 PM | Computer Name = Rosco-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/31/2013 3:06:09 AM | Computer Name = Rosco-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/31/2013 3:07:10 AM | Computer Name = Rosco-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7b4 Start Time: 01ced607822e455e Termination Time: 38

[ System Events ]
Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 10/31/2013 3:06:09 AM | Computer Name = Rosco-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

Advertisements

#2
RKinner
Posted 31 October 2013 - 10:07 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Go to the PC maker's site and see if they have a new driver for your Ethernet network adapter (Marvell Yukon Gigabit Ethernet Controller). It is throwing errors:

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error


If your PC maker doesn't have a new driver then get the one from Marvell: http://www.marvell.c...oads/search.do#


Uninstall as many of these as you can find:


Ask Toolbar
Coupon Server
Glary Utilities 3.8
Google Toolbar for Internet Explorer
LessTabs
MixiDJ V45 Toolbar
VisualBee V.9 Toolbar
Wajam
WhiteSmoke New Toolbar


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close n0tepad. Close the Command Window.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.




Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Uninstall Speccy when done.
  • 1

#3
JustTrevor
Posted 01 November 2013 - 01:35 AM

JustTrevor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Go to the PC maker's site and see if they have a new driver for your Ethernet network adapter (Marvell Yukon Gigabit Ethernet Controller). It is throwing errors:

Error - 10/31/2013 3:04:16 AM | Computer Name = Rosco-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error


If your PC maker doesn't have a new driver then get the one from Marvell: http://www.marvell.c...oads/search.do#


Uninstall as many of these as you can find:


Ask Toolbar
Coupon Server
Glary Utilities 3.8
Google Toolbar for Internet Explorer
LessTabs
MixiDJ V45 Toolbar
VisualBee V.9 Toolbar
Wajam
WhiteSmoke New Toolbar




Sorry for the late reply, schedule/time zones but thanks for the help.

Anyway, I'm not sure what driver update or whatever I'm supposed to be downloading.


Will be uninstalling those programs and will edit when I'm done/what I uninstalled.

Do I continue with the rest of the post without updating the driver? I'll assume no for now.
  • 0

#4
RKinner
Posted 01 November 2013 - 01:48 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Do what you can. For the driver, give me the make and model number and if applicable the service tag number and I will look for you.
  • 0

#5
JustTrevor
Posted 01 November 2013 - 01:55 AM

JustTrevor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Do what you can. For the driver, give me the make and model number and if applicable the service tag number and I will look for you.


Um, its not my computer so where can I find that info?

And I uninstalled all of what you listed, plus looked up a few others and uninstalled those as well.

Which included:

search protect by conduit
VAFPlayer
Bonjour
hosts (by alex)

So continue with the rest of your post?
  • 0

#6
RKinner
Posted 01 November 2013 - 02:04 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Make and Part number should be on a sticker on the bottom.

Go ahead and finish the other instructions. I've got to go to bed now. It's 1 AM here.
  • 0

#7
JustTrevor
Posted 01 November 2013 - 04:18 AM

JustTrevor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close n0tepad. Close the Command Window.)



Was only able to do up to this tonight, will continue with it tomorrow. Heres that notepad text.

Spoiler


The sfc scan said the following "Windows Resource Protection found corrupt files but was unable to fix some of them.

Details are included in the CBS.Log

The system file repair changes will take effect after the next reboot".
  • 0

#8
JustTrevor
Posted 02 November 2013 - 03:13 AM

JustTrevor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


I try this and get a run time error 75. Path/file access error. For both system and application.

If you don't mind me asking, whats all this been for so far? what exactly seems to be the problem.

Edited by JustTrevor, 02 November 2013 - 03:42 AM.

  • 0

#9
JustTrevor
Posted 02 November 2013 - 03:43 AM

JustTrevor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Scans logs:

Will edit them as I get them done.

ADW:

Spoiler



JRT

Spoiler




FRST

Spoiler


OTL

Spoiler

Edited by JustTrevor, 02 November 2013 - 03:56 AM.

  • 0

#10
JustTrevor
Posted 02 November 2013 - 04:05 AM

JustTrevor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Specy thing.

Attached Files


  • 0

#11
RKinner
Posted 02 November 2013 - 12:36 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Speccy says your hard drive is on the way out:

07 Seek Error Rate 081 (060) Data 0008BA1BAD
C3 Hardware ECC Recovered 061 (057) Data 000125DEC0
C7 UltraDMA CRC Error Count 200 (200) Data 000000000A

Make sure you back up any data you don't want to lose. Consider buying a new drive and cloning the old one before it fails completely.

Speccy also thinks your laptop is a bit warm. It's not critical yet but make sure you run it on a hard surface and keep the air vents clear. A laptop cooler tray would be a good idea. You can get Speedfan:

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop.
Also prop up the back of the laptop with a book (don't block the vents). Propping it up in the back lets the heat rise to the heatsink which should make it cool a bit better.

VEW failed because you forgot to right click and Run As Admin. What it does is show me what errors you are getting during a reboot. Sometimes malware will damage critical services and these will show up in the logs. Mostly what I am seeing is a lot of adware.

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.

Uninstall

Adobe Acrobat Reader 3.01 This is terribly out of date and dangerous to have. You should go to Adobe.com and download the latest version of Reader which is 11.something. Wait a second after you click on Reader then uncheck the foistware (Optional Software) then download and install.

Your Microsoft Security Essentials has some sort of problem and really isn't much of an anti-virus. I would uninstall it and install the free version of Avast which is what I use on all of my PCs:

http://www.avast.com/index
Click on Download then choose the free version. (Uncheck the Chrome and Google Toolbar foistware). Decline the offer for a free trial or special offer and stick to the Basic version)
Uninstall Microsoft Security Essentials
See: http://support.micro....com/kb/2435760 if you have trouble uninstalling it
Reboot and install the free Avast by right clicking and Run As Admin.
When you register they will try and talk you in to the paid version but be firm.

Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings then on Appearance. Then on Sounds and uncheck Automatic Updates OK. (It will still update it just won't tell you about in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.
  • 0

#12
JustTrevor
Posted 02 November 2013 - 06:29 PM

JustTrevor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Speccy says your hard drive is on the way out:


Make sure you back up any data you don't want to lose. Consider buying a new drive and cloning the old one before it fails completely.

Speccy also thinks your laptop is a bit warm. It's not critical yet but make sure you run it on a hard surface and keep the air vents clear. A laptop cooler tray would be a good idea. Mostly what I am seeing is a lot of adware.

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.


Well thats unfortunate that its failing. There anyway to know how long before it fails?

I do keep the laptop propped up on some sort of metal rack thing (I think its a paper tray) and I just turn it upside to get elevation, since it has decent sized holes for air. Maybe its the location of my desk. I'll try moving it to see, if not I do live in a sorta hot area.


I think I did the FRST thing correctly;

Spoiler



So is the harddrive failing the main reason for the symptoms? or is it more so the adware/malware?
  • 0

#13
RKinner
Posted 03 November 2013 - 12:40 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We've removed about all the adware that I can see so if it's still having slow periods then I'd say it was the hard drive.

If you have installed Avast then one night I would let it run a boot-time scan:
First mute the speakers so it won't wake you up when Windows loads.
Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. IF it found anything then open the saved Report and copy and paste the text into a reply so I can see it.
  • 1

#14
RKinner
Posted 15 November 2013 - 09:43 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I have my doubts about Pogo Games and VisualBee but I don't know they are bad so left them.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP