Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer slower, unknown files (MachineKeys), clean up needed [Closed]

Started by nanalili , Nov 01 2013 01:18 PM

  • This topic is locked This topic is locked

#1
nanalili
Posted 01 November 2013 - 01:18 PM

nanalili

    Member

  • Member
  • PipPip
  • 18 posts
Hi!
thanks for reading this.

I think my computer needs a good clean up, and I don't know where to start.
I got a few blue screens in the last weeks. It was OK after a reboot.
I'm using ESET and some infected files were found and deleted recently.

Also, I found a folder with 200 000+ files: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys. It takes forever to scan. Those files have long series of numbers as names.

The kids use my computer, so a virus might have been downloaded inadvertently.

Many thanks in advance!

Here's to OTL report:

OTL logfile created on: 2013-11-01 14:12:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Annelise\Mes documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,81% Memory free
4,84 Gb Paging File | 3,15 Gb Available in Paging File | 65,10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698,64 Gb Total Space | 408,18 Gb Free Space | 58,43% Space Free | Partition Type: NTFS

Computer Name: ANNELISE-18C534 | User Name: Annelise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-11-01 14:12:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annelise\Mes documents\Downloads\OTL.exe
PRC - [2013-10-18 19:32:22 | 000,064,008 | ---- | M] (Google) -- C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013-09-18 18:01:27 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013-07-02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
PRC - [2013-07-02 09:16:26 | 000,254,336 | ---- | M] (Oracle Corporation) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2013-04-04 17:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2013-01-04 23:45:30 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-08-11 17:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012-04-06 08:53:06 | 001,728,056 | ---- | M] () -- C:\Program Files\HP Button Manager\BM.exe
PRC - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012-03-07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2012-01-18 11:58:52 | 000,145,984 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2010-10-27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010-08-25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-09-08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-12-25 05:00:00 | 000,177,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE
PRC - [2005-07-15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2013-05-10 03:57:34 | 000,301,056 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
MOD - [2013-02-09 19:44:26 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013-01-04 23:45:33 | 003,021,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-04-06 08:53:06 | 001,728,056 | ---- | M] () -- C:\Program Files\HP Button Manager\BM.exe
MOD - [2012-04-01 01:33:38 | 000,071,864 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\zlib132.dll
MOD - [2012-04-01 01:33:32 | 000,232,120 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\libgit232.dll
MOD - [2012-02-20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2012-02-20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2012-02-20 13:58:10 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2012-01-08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008-04-13 22:33:31 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013-09-18 18:01:27 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-07-25 09:40:44 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-09 19:44:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-01-04 23:45:32 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-11 17:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2012-01-18 11:58:52 | 000,145,984 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011-07-20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-09-08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009-04-23 14:34:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-04-23 09:13:29 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013-09-25 11:26:29 | 000,013,928 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RsProxy.sys -- (RsProxy)
DRV - [2012-03-14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012-03-14 08:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012-03-14 08:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012-03-14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012-03-14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011-08-19 01:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)
DRV - [2008-11-27 08:21:40 | 000,650,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008-04-25 05:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007-06-06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006-03-17 18:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2002-07-17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3176921
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3176921
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "express-files Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: fr-dicollecte%40dictionaries.addons.mozilla.org:4.8
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.1
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.1912
FF - prefs.js..keyword.URL: "http://search.babylo...02127cda49a&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Annelise\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Annelise\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Annelise\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Annelise\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-11-06 14:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-01-14 12:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-05-17 13:24:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013-04-22 11:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-08-29 17:48:55 | 000,000,000 | ---D | M]

[2009-04-22 12:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annelise\Application Data\Mozilla\Extensions
[2012-12-03 10:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annelise\Application Data\Mozilla\Firefox\Profiles\qirlvbgd.default\extensions
[2012-11-19 14:47:24 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Documents and Settings\Annelise\Application Data\Mozilla\Firefox\Profiles\qirlvbgd.default\extensions\[email protected]
[2012-07-14 13:19:59 | 000,009,693 | ---- | M] () (No name found) -- C:\Documents and Settings\Annelise\Application Data\Mozilla\Firefox\Profiles\qirlvbgd.default\extensions\[email protected]
[2012-09-18 17:28:20 | 000,506,361 | ---- | M] () (No name found) -- C:\Documents and Settings\Annelise\Application Data\Mozilla\Firefox\Profiles\qirlvbgd.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012-12-03 10:12:44 | 000,710,866 | ---- | M] () (No name found) -- C:\Documents and Settings\Annelise\Application Data\Mozilla\Firefox\Profiles\qirlvbgd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012-03-27 18:32:16 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Annelise\Application Data\Mozilla\Firefox\Profiles\qirlvbgd.default\searchplugins\conduit.xml
[2013-02-25 10:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-01-04 23:45:48 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-02 17:31:50 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013-01-04 23:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013-01-04 23:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3176921
CHR - default_search_provider: suggest_url = http://search.conduit.com/,
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Annelise\Local Settings\Application Data\RobloxVersions\version-ef80cfd9c83546fe\\NPRobloxProxy.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Annelise\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Pinterest = C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_1\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Annelise\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2012-11-06 14:42:04 | 000,000,818 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Button Manager.lnk = C:\Program Files\HP Button Manager\BM.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1351693315156 (MUWebControl Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://eset.webex.c...ort/ieatgpc.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E42F2C-40FB-437F-8B5A-06ECC105FD66}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Annelise\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Annelise\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-22 10:54:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{501ea5fa-d0e9-11e1-91a0-ed5557474ae1}\Shell - "" = AutoRun
O33 - MountPoints2\{501ea5fa-d0e9-11e1-91a0-ed5557474ae1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-10-24 18:42:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-10-19 11:31:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013-10-15 09:27:18 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013-10-15 09:27:17 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013-10-15 09:25:36 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013-10-15 09:25:36 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2013-10-15 09:25:20 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013-10-15 09:25:20 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013-10-15 09:25:20 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013-10-08 12:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annelise\Bureau\Raccourcis Bureau non utilisés
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-10-31 20:49:00 | 000,001,160 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-838170752-839522115-1003UA.job
[2013-10-31 20:44:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-10-30 11:23:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013-10-30 10:49:00 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-838170752-839522115-1003Core.job
[2013-10-30 09:56:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-10-30 09:55:58 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express Files Updater.job
[2013-10-30 09:55:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-10-23 14:25:21 | 000,065,632 | ---- | M] () -- C:\Documents and Settings\Annelise\Bureau\Formulaire_admission.pdf
[2013-10-22 12:07:14 | 000,065,975 | ---- | M] () -- C:\Documents and Settings\Annelise\Bureau\dorland5.jpg
[2013-10-22 12:07:05 | 000,050,500 | ---- | M] () -- C:\Documents and Settings\Annelise\Bureau\dorland4.jpg
[2013-10-22 12:05:44 | 000,074,052 | ---- | M] () -- C:\Documents and Settings\Annelise\Bureau\dorland3.jpg
[2013-10-22 12:05:36 | 000,065,427 | ---- | M] () -- C:\Documents and Settings\Annelise\Bureau\dorland2.jpg
[2013-10-22 12:04:10 | 000,329,975 | ---- | M] () -- C:\Documents and Settings\Annelise\Bureau\dorland.jpg
[2013-10-21 08:41:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-10-20 02:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ANNELISE-18C534-Annelise.job
[2013-10-18 12:46:12 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Annelise\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2013-10-16 16:08:33 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Annelise\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013-10-16 15:04:56 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\Annelise\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-10-16 14:51:39 | 003,583,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-10-16 13:33:58 | 000,569,042 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2013-10-16 13:33:58 | 000,496,898 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-10-16 13:33:58 | 000,101,592 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2013-10-16 13:33:58 | 000,085,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-10-16 13:30:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-10-14 13:11:35 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Annelise\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013-10-02 19:20:28 | 000,038,085 | ---- | M] () -- C:\Documents and Settings\Annelise\Bureau\gouvernement_royal-1663.gif
[2013-10-02 19:19:54 | 000,031,102 | ---- | M] () -- C:\Documents and Settings\Annelise\Bureau\gouvernement_1645.gif
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-10-23 14:25:21 | 000,065,632 | ---- | C] () -- C:\Documents and Settings\Annelise\Bureau\Formulaire_admission.pdf
[2013-10-22 12:07:14 | 000,065,975 | ---- | C] () -- C:\Documents and Settings\Annelise\Bureau\dorland5.jpg
[2013-10-22 12:07:04 | 000,050,500 | ---- | C] () -- C:\Documents and Settings\Annelise\Bureau\dorland4.jpg
[2013-10-22 12:05:44 | 000,074,052 | ---- | C] () -- C:\Documents and Settings\Annelise\Bureau\dorland3.jpg
[2013-10-22 12:05:36 | 000,065,427 | ---- | C] () -- C:\Documents and Settings\Annelise\Bureau\dorland2.jpg
[2013-10-22 12:04:10 | 000,329,975 | ---- | C] () -- C:\Documents and Settings\Annelise\Bureau\dorland.jpg
[2013-10-02 19:20:28 | 000,038,085 | ---- | C] () -- C:\Documents and Settings\Annelise\Bureau\gouvernement_royal-1663.gif
[2013-10-02 19:19:53 | 000,031,102 | ---- | C] () -- C:\Documents and Settings\Annelise\Bureau\gouvernement_1645.gif
[2013-09-25 11:13:03 | 000,013,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\RsProxy.sys
[2013-05-31 09:38:34 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2013-04-19 11:25:54 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Annelise\Application Data\Adobe BMP Format CS5 Prefs
[2013-04-10 10:20:07 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Annelise\USB001
[2013-04-10 10:16:28 | 000,001,013 | ---- | C] () -- C:\WINDOWS\DKAAE2DD.ini
[2013-04-07 15:40:22 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Annelise\Application Data\AVSDVDPlayer.m3u
[2013-04-07 14:21:58 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013-04-07 14:21:58 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012-11-09 09:57:56 | 000,000,252 | ---- | C] () -- C:\WINDOWS\System32\msdllhlp.dll
[2012-10-03 11:09:34 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Annelise\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012-08-29 12:37:49 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Annelise\Local Settings\Application Data\dt.dat
[2012-07-19 12:23:48 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012-06-03 16:55:25 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012-06-03 16:44:24 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012-06-02 13:50:37 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-04-11 11:40:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Annelise\Local Settings\Application Data\PUTTY.RND
[2012-04-01 10:37:27 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Annelise\.recently-used.xbel
[2012-03-20 12:53:04 | 000,029,180 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012-02-20 13:59:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012-02-20 13:58:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012-02-20 13:58:10 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012-02-15 09:40:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-06 10:16:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-04-27 14:07:14 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\Annelise\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012-02-13 19:00:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013-09-23 03:39:55 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 06:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-13 22:33:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 968 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:9LFYA8g4nkLROvRswH9XB9nEv
@Alternate Data Stream - 1094 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:p1whwbdnYfjVMDOv4v63tDY
@Alternate Data Stream - 1086 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VMFLKl8ZTbL5UVefI6MH

< End of report >
  • 0

Advertisements

#2
blmadara
Posted 06 November 2013 - 07:28 PM

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi nanalili, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Under the Custom Scans/Fixes box at the bottom, paste in the following (do not copy the word, Quote.)


    netsvcs
msconfig
drives
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
  • Please select the Scan All Users checkbox.
  • Make sure the checkboxes next to Lop Check and Purity Check are selected.
  • Under Extra Registry heading, select Use Safelist.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post both of the logs it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select, No.
  • Click Scan to start the scan.
    Posted Image
  • When the scan ends click Save Log and save it to your desktop.
    Posted Image
  • Post the log in your next reply.

Step Three: Computer Symptoms

Please let me know what problems you are having with your computer.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.
3. Let me know what problems you are having with your computer.
  • 0

#3
Essexboy
Posted 13 November 2013 - 08:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP