Possible Malware, laptop slow, command prompt window opened by itself


  • This topic is locked

#1
mango_nj

  • Member
  • 206 posts
Merry Christmas Geeks!

Loaned my pc to a relative and just got it back today.

Turned my system on and when the desktop loaded, a 'shutdown' msg appeared on the screen. Then a command prompt window opened that said -- joeware.net. It quickly disappeared and a blue screen came up and stayed there. I depressed the power button to shut the system off. Then I logged back in in safe mode, which booted just fine.

I then logged into my laptop normally and noticed it's rather sluggish. Tried to delete some files that belonged to my relative and even WordPad loaded slowly. During the time my PC was loaned out, some new HD desktop backgrounds were saved to my system and TV shows were watched at various online sites like videobull.com -- maybe something was picked up in there. I ran KasperskyAV but nothing was detected.

Restarted system. A Firefox msg came up on the desktop --> Firefox Safemode, reset Firefox... which I did. System is doing very strange things.

I also noticed I'm having problems with Microsoft updates. They're not installing properly. Used the Microsoft Fixit tool to reset Windows Update components. It fixed some issues, but says the update problem is still there. I may have malware, please help! Appreciate all the assistance from you guys in the past.


OTL

OTL logfile created on: 12/10/2013 6:15:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.43 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 33.98% Memory free
3.12 Gb Paging File | 2.11 Gb Available in Paging File | 67.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 20.66 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.62% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/10 18:04:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/09/29 19:56:42 | 000,025,088 | ---- | M] () -- C:\Program Files\wrapper_inst\file_to_run.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2012/08/22 05:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2007/01/25 20:11:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\wbengine.exe -- (wbengine)
SRV - [2013/10/25 17:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 19:39:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/29 19:56:42 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\Program Files\wrapper_inst\file_to_run.exe -- (pcregservice)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/02 11:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/11/12 16:08:28 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/11/07 14:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/04/11 14:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 14:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 14:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 14:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 14:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/25 20:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 23:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/01 23:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/06 14:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:3.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/05 18:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/12/01 01:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9v5pc98z.default-1384654968161\extensions
[2013/12/01 01:40:22 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9v5pc98z.default-1384654968161\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
[2013/11/16 18:33:09 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9v5pc98z.default-1384654968161\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/15 10:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 10:02:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/03/05 03:46:20 | 000,445,223 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15317 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKCU..\Run: [MyDefragReminder] C:\Program Files\ConsumerSoft\My Defragmenter\DefragReminder.exe (ConsumerSoft)
O4 - HKLM..\RunOnceEx: [TITLE] Updates File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: NameServer = 208.69.150.252,208.69.150.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444}: NameServer = 208.69.150.252,208.69.150.250
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/10 18:04:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/10 17:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\runonce
[2013/12/09 13:50:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Desktop
[2013/12/01 00:54:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TO PRINT
[2013/11/25 22:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/11/20 09:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/11/15 10:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/14 20:59:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\job questions
[2013/11/12 16:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2013/11/12 16:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/11/12 16:08:28 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013/11/12 15:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/10 18:14:05 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 18:14:05 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 18:11:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/10 18:04:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/10 07:39:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/10 00:06:36 | 000,053,589 | ---- | M] () -- C:\Users\Owner\Documents\quotes.rtf
[2013/12/09 00:05:24 | 000,012,975 | ---- | M] () -- C:\Users\Owner\Documents\watch online.rtf
[2013/12/08 23:20:16 | 038,726,675 | ---- | M] () -- C:\Users\Owner\Desktop\EFT.flv
[2013/12/08 10:15:30 | 000,049,776 | ---- | M] () -- C:\Users\Owner\Documents\lights.rtf
[2013/12/05 02:25:52 | 000,037,995 | ---- | M] () -- C:\Users\Owner\Documents\recipes.rtf
[2013/12/04 06:00:19 | 000,003,715 | ---- | M] () -- C:\Users\Owner\Documents\MH Resume.rtf
[2013/12/03 17:39:25 | 000,001,788 | ---- | M] () -- C:\Users\Owner\Documents\Marcus cover letter2.rtf
[2013/12/02 16:25:13 | 000,000,384 | ---- | M] () -- C:\Users\Owner\Documents\MArcus wages.rtf
[2013/12/02 01:32:11 | 000,001,695 | ---- | M] () -- C:\Users\Owner\Documents\sansa view.rtf
[2013/12/01 04:40:19 | 003,654,136 | ---- | M] () -- C:\Users\Owner\Desktop\Psalm 91.flv
[2013/12/01 04:26:58 | 006,678,730 | ---- | M] () -- C:\Users\Owner\Desktop\Novena Saint Jospeh.flv
[2013/12/01 01:38:03 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/01 01:38:03 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/27 11:40:31 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/11/25 22:32:26 | 000,001,764 | ---- | M] () -- C:\Users\Owner\Desktop\wordview - Shortcut.lnk
[2013/11/25 19:17:34 | 000,002,717 | ---- | M] () -- C:\Users\Owner\Documents\social sec.rtf
[2013/11/24 21:56:32 | 000,002,638 | ---- | M] () -- C:\Users\Owner\Documents\AaA.rtf
[2013/11/19 23:15:45 | 000,004,215 | ---- | M] () -- C:\Users\Owner\Documents\ralph.rtf
[2013/11/19 02:37:46 | 000,000,472 | ---- | M] () -- C:\Users\Owner\Documents\Menstruation.rtf
[2013/11/17 15:12:02 | 000,023,295 | ---- | M] () -- C:\Users\Owner\Documents\WISH LIST.rtf
[2013/11/16 18:21:04 | 000,009,749 | ---- | M] () -- C:\Users\Owner\Documents\a.rtf
[2013/11/12 16:38:52 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 16:38:51 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/12 16:08:28 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013/11/12 15:48:35 | 000,000,079 | ---- | M] () -- C:\Windows\WinInit.Ini
[2013/11/11 11:43:32 | 000,005,301 | ---- | M] () -- C:\Users\Owner\Documents\Hair Products to get.rtf
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/08 23:18:11 | 038,726,675 | ---- | C] () -- C:\Users\Owner\Desktop\EFT.flv
[2013/12/05 21:57:03 | 000,012,975 | ---- | C] () -- C:\Users\Owner\Documents\watch online.rtf
[2013/12/02 16:25:13 | 000,000,384 | ---- | C] () -- C:\Users\Owner\Documents\MArcus wages.rtf
[2013/12/01 04:35:06 | 003,654,136 | ---- | C] () -- C:\Users\Owner\Desktop\Psalm 91.flv
[2013/12/01 04:26:37 | 006,678,730 | ---- | C] () -- C:\Users\Owner\Desktop\Novena Saint Jospeh.flv
[2013/11/25 22:32:17 | 000,001,764 | ---- | C] () -- C:\Users\Owner\Desktop\wordview - Shortcut.lnk
[2013/11/25 22:26:48 | 000,002,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/11/25 19:48:38 | 000,001,788 | ---- | C] () -- C:\Users\Owner\Documents\Marcus cover letter2.rtf
[2013/11/24 21:26:03 | 000,002,638 | ---- | C] () -- C:\Users\Owner\Documents\AaA.rtf
[2013/11/14 21:02:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/11/12 16:17:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 16:17:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2013/11/07 09:26:10 | 000,000,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2013/11/07 09:20:49 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2013/10/02 16:16:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/26 11:14:34 | 000,006,169 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/06/22 19:58:01 | 000,000,114 | -H-- | C] () -- C:\Users\Owner\AppData\Local\tokdet56.dat
[2013/05/18 23:01:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/05/18 23:01:40 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/04/27 12:58:00 | 000,000,079 | ---- | C] () -- C:\Windows\WinInit.Ini
[2013/04/19 22:43:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2013/04/19 22:36:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2013/04/19 22:36:49 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2013/04/19 22:36:49 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2013/04/19 22:35:55 | 001,077,248 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2013/04/19 22:35:55 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2013/04/19 22:35:55 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2013/03/19 19:58:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
[2013/01/19 01:52:09 | 000,000,022 | ---- | C] () -- C:\Users\Owner\AppData\Local\xftredahs.dat
[2011/08/20 21:57:13 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2010/01/26 13:22:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/12/13 13:59:46 | 000,000,560 | ---- | C] () -- C:\ProgramData\lxdf
[2007/10/14 18:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 01:04:24 | 000,000,682 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 04:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/12/13 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\6500 Series
[2008/12/13 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lexmark Productivity Studio
[2013/06/28 05:35:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2007/10/11 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 347878 bytes -> C:\Users\Owner\AppData\Roaming\desktop.ini:init
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


OTL EXTRAS

OTL Extras logfile created on: 12/10/2013 6:15:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.43 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 33.98% Memory free
3.12 Gb Paging File | 2.11 Gb Available in Paging File | 67.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 20.66 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.62% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system |
"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system |
"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system |
"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system |
"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA01E9-DCE9-49A8-B7ED-DA47DAF76B6B}" = protocol=6 | dir=in | app=c:\program files\lexmark\status center\lmsmc.exe |
"{07885F0E-9ED4-4E04-9E74-02CD1FEF4CF0}" = protocol=17 | dir=in | app=c:\program files\lexmark\status center\lmsmc.exe |
"{12D28B69-6529-4FE2-BC3B-9B24337B29BA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdftime.exe |
"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | [email protected],-28546 |
"{151131AC-168A-4232-9DD8-8CD0C3447298}" = protocol=17 | dir=in | app=c:\program files\lexmark\psu\lmpsu.exe |
"{1CF315ED-8986-49CE-9893-96579A5B6F4D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{1DA6627D-ECF2-4734-9165-4AA2DC62D8F4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfpswx.exe |
"{20DBD894-E623-4417-AE7D-0C3B22B063A8}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfjswx.exe |
"{2667B39B-8337-48E5-901A-6D7FF5D32AE5}" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmabscw.dll |
"{2841EB6B-A46E-469C-BD60-1D3F73608D6F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfpswx.exe |
"{39DD502B-A790-44B4-977B-347CDD81477F}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdfamon.exe |
"{45A74E42-1D05-4E24-AC80-12FEE9B9272D}" = protocol=17 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32__bc.dll |
"{49919916-2E75-4A1B-A12D-C0B02B5155AD}" = protocol=6 | dir=in | app=c:\program files\lexmark\psu\lmpsu.exe |
"{509DD2D9-6892-4EEE-9B6F-885B867AACAA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{520BDFEB-9C0F-44A1-BE41-B869A1FD9B88}" = protocol=6 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32__bc.dll |
"{577127DA-6C05-4C6B-8114-FABDAEB9237B}" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"{577D8142-2C28-4698-B875-DBB5AD4300C5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{67368528-39B4-4A91-B5C9-FD01940B0BC2}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdffax.exe |
"{690D656D-B83A-473C-8CCC-1304A7652C5C}" = protocol=6 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32serv.dll |
"{6A7803E5-4B62-494A-932A-5C4273DAF7AC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | [email protected],-28544 |
"{7AB1FAE7-8B87-437C-B0A9-5A8374EBF777}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | [email protected],-28545 |
"{8B11D1FF-7EF6-4BCE-AC05-438F335F9DFC}" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"{9DF9341D-90B0-4166-BC74-2694B094A5FF}" = protocol=17 | dir=in | app=c:\windows\twain_32\lexmark\networktwain\lexnetworkds.ds |
"{9F711964-2E83-4C6B-92EB-DDFA7262E8FC}" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmadilscn.exe |
"{A0FA1305-C834-4570-815A-7C929B8E3837}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\frun.exe |
"{A2608910-52B6-4DB3-AEBF-BC20C68B97CE}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{A2FA9C88-B3FF-4874-A1C6-94EE083F5348}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A4DBE28E-0F3F-4677-9B5F-5AB29AC1F59C}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdffax.exe |
"{A5C0E5DF-6FF0-48A4-9E74-0FB4F620F8D6}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\frun.exe |
"{AA21B955-BD73-4644-A54C-E8B39502B117}" = protocol=17 | dir=in | app=c:\program files\lexmark\wirelesssetup\lmwpss.exe |
"{AEC6E3BE-CF56-449B-8A1F-6C938C819838}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfjswx.exe |
"{B0C1420B-D56E-4F0C-85C9-0411423EFF38}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdftime.exe |
"{BE12B337-9137-4D1A-84C3-C2A57E8E31D4}" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmadilscn.exe |
"{BE295BAC-23B6-4EC8-BF6F-37356E97FE98}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C24CBE1E-8C44-42EC-BF24-886868853584}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"{C24CD31C-B8EA-439B-86F6-E5592D0AE2DB}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdfamon.exe |
"{CE397E70-5250-4EB9-838A-0516FC90DA93}" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{D104F9CD-BA95-4726-BA42-F629C9157E47}" = protocol=6 | dir=in | app=c:\program files\lexmark\wirelesssetup\lmwpss.exe |
"{D4A59D00-6092-4412-801E-DF8C63791EEA}" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmabscw.dll |
"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | [email protected],-28543 |
"{DC4925AB-EBB3-430F-8254-8A6EE825F1C9}" = protocol=6 | dir=in | app=c:\windows\twain_32\lexmark\networktwain\lexnetworkds.ds |
"{E1F4796D-E780-4397-A313-846DC61451D0}" = protocol=17 | dir=in | app=c:\program files\lexmark\networktwain\lextwprotocol.dll |
"{EDEFE32C-5FA7-4DAD-94B8-7B5B131A56FD}" = protocol=6 | dir=in | app=c:\program files\lexmark\networktwain\lextwprotocol.dll |
"{FC5DA010-742D-4C0A-B24C-D36AD08170E4}" = protocol=17 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32serv.dll |
"TCP Query User{0D7A71CA-8A9E-48F0-8F93-892537A49B70}C:\program files\lexmark 6500 series\lxdfmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"TCP Query User{16A40DBD-722D-4635-AE0E-58DDA4F435AA}C:\program files\lexmark pro710 series\lmadimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"TCP Query User{1EAFEEBE-38C8-471E-915F-E9EC610479AB}C:\windows\system32\lxdfcoms.exe" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"TCP Query User{F9DB4E3E-AA91-45A3-8795-5FD2767886DA}C:\kav\kav7\setup.exe" = protocol=6 | dir=in | app=c:\kav\kav7\setup.exe |
"UDP Query User{1280E033-09EA-4E84-BE96-18E186625F54}C:\program files\lexmark 6500 series\lxdfmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"UDP Query User{157C5482-8175-47F3-992A-C849ED8DA219}C:\program files\lexmark pro710 series\lmadimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"UDP Query User{19E4C820-9C74-405E-8AAB-0F06C7589BA6}C:\windows\system32\lxdfcoms.exe" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"UDP Query User{E8EC4CE2-8951-48FB-B05A-7802C676C73C}C:\kav\kav7\setup.exe" = protocol=17 | dir=in | app=c:\kav\kav7\setup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91566393-AD20-4B92-A81B-B17F31527DD4}" = My Defragmenter
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FLV Player" = FLV Player 2.0 (build 25)
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Lexmark Pro710 Series" = Lexmark Pro710 Series Uninstaller
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2013 10:38:01 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2013 10:38:01 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2013 10:38:02 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2013 10:38:02 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2013 10:38:02 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2013 10:38:02 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2013 10:38:07 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2013 10:38:07 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2013 10:38:12 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2013 10:38:12 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 9/3/2008 10:51:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 9/3/2008 10:51:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.

Error - 9/3/2008 10:53:08 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 9/3/2008 11:05:30 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 9/3/2008 11:06:13 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 9/3/2008 11:06:13 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.

Error - 9/3/2008 11:07:30 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 9/3/2008 11:11:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 9/3/2008 11:12:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 9/3/2008 11:12:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.


< End of report >

Edited by mango_nj, 11 December 2013 - 12:23 AM.



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can make some inroads into this.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/09/29 19:56:42 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\Program Files\wrapper_inst\file_to_run.exe -- (pcregservice)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:3.0.4
[2013/12/01 01:40:22 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9v5pc98z.default-1384654968161\extensions\[email protected]
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKCU..\Run: [MyDefragReminder] C:\Program Files\ConsumerSoft\My Defragmenter\DefragReminder.exe (ConsumerSoft)
O4 - HKLM..\RunOnceEx: [TITLE] Updates File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
@Alternate Data Stream - 347878 bytes -> C:\Users\Owner\AppData\Roaming\desktop.ini:init

:Files
C:\Program Files\wrapper_inst

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3
mango_nj


    Member

  • Topic Starter
  • Member
  • 206 posts
Hi Essex------thanks for the quick reply and help :D

Will follow your instructions and post when I'm done.

#4
mango_nj


    Member

  • Topic Starter
  • Member
  • 206 posts
Hi Essex,

Completed everything. OTL gave me 2 reports. Will post both in case you need it.




OTL -- quick scan after reboot

OTL logfile created on: 12/11/2013 4:15:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.43 Gb Total Physical Memory | 0.15 Gb Available Physical Memory | 10.54% Memory free
3.12 Gb Paging File | 1.49 Gb Available in Paging File | 47.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 18.68 Gb Free Space | 28.62% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.62% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/10 18:04:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/06/28 06:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/19 05:06:23 | 000,025,600 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\LMADIQ40.DLL
MOD - [2012/09/19 05:06:22 | 000,431,104 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\LMADIQ4A.DLL
MOD - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2012/08/22 05:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2007/01/25 20:11:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\wbengine.exe -- (wbengine)
SRV - [2013/12/11 07:39:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/25 17:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/02 11:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/11/12 16:08:28 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/11/07 14:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/04/11 14:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 14:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 14:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 14:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 14:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/25 20:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 23:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/01 23:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/06 14:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/05 18:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/12/10 23:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0zmjktat.default-1386741420574\extensions
[2013/12/10 23:33:19 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0zmjktat.default-1386741420574\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/15 10:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 10:02:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/12/11 16:00:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: NameServer = 208.69.150.252,208.69.150.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444}: NameServer = 208.69.150.252,208.69.150.250
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/11 15:58:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/10 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Old Firefox Data
[2013/12/10 18:04:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/10 17:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\runonce
[2013/12/09 13:50:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Desktop
[2013/12/01 00:54:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TO PRINT
[2013/11/25 22:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/11/20 09:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/11/15 10:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/14 20:59:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\job questions
[2013/11/12 16:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2013/11/12 16:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/11/12 16:08:28 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013/11/12 15:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/11 16:06:36 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 16:06:36 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 16:06:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/11 16:00:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/12/11 15:55:35 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/12/11 15:51:16 | 001,226,802 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
[2013/12/11 15:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/11 05:32:55 | 000,007,222 | ---- | M] () -- C:\Users\Owner\Documents\sosoblessed.rtf
[2013/12/10 22:00:08 | 000,001,323 | ---- | M] () -- C:\Users\Owner\Documents\geeks.rtf
[2013/12/10 18:04:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/10 00:06:36 | 000,053,589 | ---- | M] () -- C:\Users\Owner\Documents\quotes.rtf
[2013/12/09 00:05:24 | 000,012,975 | ---- | M] () -- C:\Users\Owner\Documents\watch online.rtf
[2013/12/08 23:20:16 | 038,726,675 | ---- | M] () -- C:\Users\Owner\Desktop\EFT.flv
[2013/12/08 10:15:30 | 000,049,776 | ---- | M] () -- C:\Users\Owner\Documents\lights.rtf
[2013/12/05 02:25:52 | 000,037,995 | ---- | M] () -- C:\Users\Owner\Documents\recipes.rtf
[2013/12/04 06:00:19 | 000,003,715 | ---- | M] () -- C:\Users\Owner\Documents\MH Resume.rtf
[2013/12/03 17:39:25 | 000,001,788 | ---- | M] () -- C:\Users\Owner\Documents\Marcus cover letter2.rtf
[2013/12/02 16:25:13 | 000,000,384 | ---- | M] () -- C:\Users\Owner\Documents\MArcus wages.rtf
[2013/12/02 01:32:11 | 000,001,695 | ---- | M] () -- C:\Users\Owner\Documents\sansa view.rtf
[2013/12/01 04:40:19 | 003,654,136 | ---- | M] () -- C:\Users\Owner\Desktop\Psalm 91.flv
[2013/12/01 04:26:58 | 006,678,730 | ---- | M] () -- C:\Users\Owner\Desktop\Novena Saint Jospeh.flv
[2013/12/01 01:38:03 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/01 01:38:03 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/25 22:32:26 | 000,001,764 | ---- | M] () -- C:\Users\Owner\Desktop\wordview - Shortcut.lnk
[2013/11/25 19:17:34 | 000,002,717 | ---- | M] () -- C:\Users\Owner\Documents\social sec.rtf
[2013/11/24 21:56:32 | 000,002,638 | ---- | M] () -- C:\Users\Owner\Documents\AaA.rtf
[2013/11/19 23:15:45 | 000,004,215 | ---- | M] () -- C:\Users\Owner\Documents\ralph.rtf
[2013/11/19 02:37:46 | 000,000,472 | ---- | M] () -- C:\Users\Owner\Documents\Menstruation.rtf
[2013/11/17 15:12:02 | 000,023,295 | ---- | M] () -- C:\Users\Owner\Documents\WISH LIST.rtf
[2013/11/16 18:21:04 | 000,009,749 | ---- | M] () -- C:\Users\Owner\Documents\a.rtf
[2013/11/12 16:38:52 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 16:38:51 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/12 16:08:28 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013/11/12 15:48:35 | 000,000,079 | ---- | M] () -- C:\Windows\WinInit.Ini
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/11 15:50:51 | 001,226,802 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
[2013/12/11 04:55:56 | 000,007,222 | ---- | C] () -- C:\Users\Owner\Documents\sosoblessed.rtf
[2013/12/08 23:18:11 | 038,726,675 | ---- | C] () -- C:\Users\Owner\Desktop\EFT.flv
[2013/12/05 21:57:03 | 000,012,975 | ---- | C] () -- C:\Users\Owner\Documents\watch online.rtf
[2013/12/02 16:25:13 | 000,000,384 | ---- | C] () -- C:\Users\Owner\Documents\MArcus wages.rtf
[2013/12/01 04:35:06 | 003,654,136 | ---- | C] () -- C:\Users\Owner\Desktop\Psalm 91.flv
[2013/12/01 04:26:37 | 006,678,730 | ---- | C] () -- C:\Users\Owner\Desktop\Novena Saint Jospeh.flv
[2013/11/25 22:32:17 | 000,001,764 | ---- | C] () -- C:\Users\Owner\Desktop\wordview - Shortcut.lnk
[2013/11/25 22:26:48 | 000,002,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/11/25 19:48:38 | 000,001,788 | ---- | C] () -- C:\Users\Owner\Documents\Marcus cover letter2.rtf
[2013/11/24 21:26:03 | 000,002,638 | ---- | C] () -- C:\Users\Owner\Documents\AaA.rtf
[2013/11/14 21:02:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/11/12 16:17:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 16:17:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2013/11/07 09:26:10 | 000,000,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2013/11/07 09:20:49 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2013/10/02 16:16:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/26 11:14:34 | 000,006,169 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/06/22 19:58:01 | 000,000,114 | -H-- | C] () -- C:\Users\Owner\AppData\Local\tokdet56.dat
[2013/05/18 23:01:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/05/18 23:01:40 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/04/27 12:58:00 | 000,000,079 | ---- | C] () -- C:\Windows\WinInit.Ini
[2013/04/19 22:43:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2013/04/19 22:36:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2013/04/19 22:36:49 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2013/04/19 22:36:49 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2013/04/19 22:35:55 | 001,077,248 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2013/04/19 22:35:55 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2013/04/19 22:35:55 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2013/03/19 19:58:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
[2013/01/19 01:52:09 | 000,000,022 | ---- | C] () -- C:\Users\Owner\AppData\Local\xftredahs.dat
[2011/08/20 21:57:13 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2010/01/26 13:22:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/12/13 13:59:46 | 000,000,560 | ---- | C] () -- C:\ProgramData\lxdf
[2007/10/14 18:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 01:04:24 | 000,000,682 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 04:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/12/13 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\6500 Series
[2008/12/13 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lexmark Productivity Studio
[2013/06/28 05:35:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2007/10/11 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



OTL ALL PROCESSES KILLED

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service pcregservice stopped successfully!
Service pcregservice deleted successfully!
C:\Program Files\wrapper_inst\file_to_run.exe moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: youtubemp3podcaster%40jeremy.d.gregorio.com:3.0.4 removed from extensions.enabledAddons
Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9v5pc98z.default-1384654968161\extensions\youtubemp3podcaster@jeremy.d.gregorio.com\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MyDefragReminder deleted successfully.
C:\Program Files\ConsumerSoft\My Defragmenter\DefragReminder.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\TITLE deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
ADS C:\Users\Owner\AppData\Roaming\desktop.ini:init deleted successfully.
========== FILES ==========
C:\Program Files\wrapper_inst folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 6738612 bytes
->Temporary Internet Files folder emptied: 677525 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 377264110 bytes
->Flash cache emptied: 23313 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2634041 bytes
RecycleBin emptied: 2258 bytes

Total Files Cleaned = 369.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12112013_155820

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



ADWCleaner

# AdwCleaner v3.015 - Report created 11/12/2013 at 16:53:53
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16470


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0zmjktat.default-1386741420574\prefs.js ]


*************************

AdwCleaner[R0].txt - [956 octets] - [11/12/2013 16:49:34]
AdwCleaner[S0].txt - [884 octets] - [11/12/2013 16:53:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [943 octets] ##########

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now try Windows updates and let me know what error, if any, you get?

Has the computer improved any now?

#6
mango_nj

    Member

  • Topic Starter
  • 206 posts
Hi Essex, Will try windows update again and also use pc a bit to see if it's better & get back to you.
Really appreciate your help.

#8
mango_nj

    Member

  • Topic Starter
  • 206 posts
Hi Essex, tried laptop out and it seems to be running a whole lot better and no more prompt windows opening on their own :thumbsup:


Windows update doesn't appear fixed though.

I set updates to install automatically and yet the status says----Updates Installed: Never
Plus, it says most recent check for updates was 3/2013. Been checking for updates the last 2 days.

A balloon continuously pops up in my task bar with a 'Windows can't check for updates' message. The update icon also loads on startup and stays in my task bar. That icon used to only show up when I had updates to install. Now it never goes away.

Every time I shut down my system, it says 'configuring updates'. It can't be installing something every single day.

I checked my update history and all I see is Windows Defender. I don't know if I'm getting the right updates or not.

I took some screen shots [attached] to give you an idea of what's going on.

Attached Thumbnails

  • updates-never.jpg
  • updateIconBalloon.jpg
  • windowsUpdateHistory.jpg


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, first run the Windows Fixit here: http://support.microsoft.com/kb/971058
Use the aggressive mode if offered.

Then run this small programme

Download and run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#10
mango_nj

    Member

  • Topic Starter
  • 206 posts
I ran the Microsoft Fix It tool and it fixed many issues, but says Windows Update problem still there :angry:
Made a screen shot of the results for you.

Anything else you need me to do, just let me know.
Really appreciate everything Essex!




FSS


Farbar Service Scanner Version: 05-12-2013
Ran by Owner (administrator) on 14-12-2013 at 01:18:07
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-13 11:19] - [2013-01-04 03:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Attached Thumbnails

  • FixItToolResults.jpg



#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is there a KB number for the Windows update that is not installing?

Run this tool and try again http://www.tweaking....ws_updates.html

#12
mango_nj

    Member

  • Topic Starter
  • 206 posts
Hey Essex! You asked what KB# was not installing.

I have no idea what is not installing. Appears the Windows update is corrupted. Keeps asking me to check for updates and configures new updates upon every single shutdown. Like it's stuck in a loop. Status says installs NEVER, yet I set it to install updates automatically. Don't know what caused this, I figured it was due to a virus or something, since system was acting strange. I'm at a loss and updates are important.

Used the Fix It Tool and now the Tweaking repair, but nothing has changed. I ran the Fix It Tool again, this time I opened the detailed report [see attached]. You'll see the very first issue of updates is NOT FIXED.

Tweaking Windows Repair said --- REPAIR DONE

but I forgot about it and didn't close the program
when I clicked stop button it said --- Stopping, waiting for current repair to finish

I left this program up for over 2 hours, but it says waiting for repair to finish

No indication it was even still running - it said it was DONE.

Did I do something wrong? [see attached]

Attached Thumbnails

  • FixItDetails.jpg
  • twerkingRepairSTUCK.jpg


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if we can repair the files next

Go Start > All Programs > Accessories
Right click Command Prompt and select "run as administrator"
In the black box type in the following command and press enter:

sfc /scannow

On completion reboot and try Windows updates again

#14
mango_nj

    Member

  • Topic Starter
  • 206 posts
Hey Essex! I'm on it and I'll get back to you.

You've been so patient, helping me work thru this nightmare problem
and I can't thank you enough :P

#15
mango_nj

    Member

  • Topic Starter
  • 206 posts
Running into a problem with sfc /scannow

it starts running, then stops and says....

There is a system repair pending which requires reboot to complete.
Restart and run sfc again.


I restart and it keeps saying the same thing. [see attached]


pls advise.

Attached Thumbnails

  • sfcScan.jpg
