Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Super Slow PC - Farbar Posted [Closed] [Solved]


  • This topic is locked This topic is locked

#1
cloroxmartini

cloroxmartini

    Member

  • Member
  • PipPipPip
  • 134 posts
Hi, running super slow:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-12-2013
Ran by Cloroxmartini (administrator) on 5X75X on 15-12-2013 14:28:44
Running from C:\Users\Cloroxmartini\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SanDisk Corporation) C:\Users\Cloroxmartini\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [SansaDispatch] - C:\Users\Cloroxmartini\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-04-13] (SanDisk Corporation)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe -update activex [417480 2012-06-12] (Adobe Systems Incorporated)
MountPoints2: {7e6eb2d1-9eb1-11df-b60e-705ab6154b63} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {aeb11387-3d4e-11df-bff4-705ab6154b63} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {fdf44aa0-9e97-11df-a9a4-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
HKU\Mcx1-5X75X\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...24z1j5t44k2y553
SearchScopes: HKLM-x32 - DefaultScope {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu....q={searchTerms}
SearchScopes: HKLM-x32 - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu....q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu....q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} http://ecourt.marico...cludes/smsx.cab
DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} https://www.t-mobile...Downloader7.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-07-03] (AVAST Software)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-15 14:28 - 2013-12-15 14:29 - 00007007 _____ C:\Users\Cloroxmartini\Desktop\FRST.txt
2013-12-15 14:28 - 2013-12-15 14:28 - 00000000 ____D C:\FRST
2013-12-15 14:27 - 2013-12-15 14:27 - 01927796 _____ (Farbar) C:\Users\Cloroxmartini\Desktop\FRST64.exe

==================== One Month Modified Files and Folders =======

2013-12-15 14:29 - 2013-12-15 14:28 - 00007007 _____ C:\Users\Cloroxmartini\Desktop\FRST.txt
2013-12-15 14:28 - 2013-12-15 14:28 - 00000000 ____D C:\FRST
2013-12-15 14:27 - 2013-12-15 14:27 - 01927796 _____ (Farbar) C:\Users\Cloroxmartini\Desktop\FRST64.exe
2013-12-15 13:59 - 2013-08-25 14:47 - 00001146 _____ C:\Windows\setupact.log
2013-12-15 13:58 - 2012-09-13 20:05 - 01721873 _____ C:\Windows\WindowsUpdate.log
2013-12-15 13:40 - 2013-08-18 19:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 13:40 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 13:40 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 13:34 - 2010-04-01 17:46 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Cloroxmartini\gotomypc_540.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 16:38

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-12-2013
Ran by Cloroxmartini at 2013-12-15 14:30:00
Running from C:\Users\Cloroxmartini\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Sansa Media Converter (x32 Version: 1.0-B4.263)
Acer Assist (x32)
Acer Crystal Eye Webcam (x32 Version: 5.0.9.1)
Acer ePower Management (x32 Version: 4.05.3006)
Acer eRecovery Management (x32 Version: 4.05.3006)
Acer GridVista (x32 Version: 3.01.0730)
Acer Registration (x32 Version: 1.02.3006)
Acer Updater (x32 Version: 1.01.3017)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.171)
Adobe Reader 9.4.1 MUI (x32 Version: 9.4.1)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
AMD USB Filter Driver (x32 Version: 1.0.11.86)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.10)
ATI Catalyst Install Manager (Version: 3.0.732.0)
avast! Free Antivirus (x32 Version: 7.0.1456.0)
Bonjour (Version: 3.0.0.10)
Canon D460-490
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498)
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498)
Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498)
CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498)
CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498)
CCC Help Czech (x32 Version: 2009.0729.2226.38498)
CCC Help Danish (x32 Version: 2009.0729.2226.38498)
CCC Help Dutch (x32 Version: 2009.0729.2226.38498)
CCC Help English (x32 Version: 2009.0729.2226.38498)
CCC Help Finnish (x32 Version: 2009.0729.2226.38498)
CCC Help French (x32 Version: 2009.0729.2226.38498)
CCC Help German (x32 Version: 2009.0729.2226.38498)
CCC Help Greek (x32 Version: 2009.0729.2226.38498)
CCC Help Hungarian (x32 Version: 2009.0729.2226.38498)
CCC Help Italian (x32 Version: 2009.0729.2226.38498)
CCC Help Japanese (x32 Version: 2009.0729.2226.38498)
CCC Help Korean (x32 Version: 2009.0729.2226.38498)
CCC Help Norwegian (x32 Version: 2009.0729.2226.38498)
CCC Help Polish (x32 Version: 2009.0729.2226.38498)
CCC Help Portuguese (x32 Version: 2009.0729.2226.38498)
CCC Help Russian (x32 Version: 2009.0729.2226.38498)
CCC Help Spanish (x32 Version: 2009.0729.2226.38498)
CCC Help Swedish (x32 Version: 2009.0729.2226.38498)
CCC Help Thai (x32 Version: 2009.0729.2226.38498)
CCC Help Turkish (x32 Version: 2009.0729.2226.38498)
ccc-core-static (x32 Version: 2009.0729.2227.38498)
ccc-utility64 (Version: 2009.0729.2227.38498)
CCleaner (Version: 4.04)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink PowerDVD 8 (x32 Version: 8.0.3524.50)
D3DX10 (x32 Version: 15.4.2368.0902)
Defraggler (Version: 1.17)
doPDF 7.1 printer
EuroTalk Talk Now! (x32 Version: 2.2.5.1)
Feedback Tool (x32 Version: 1.1.0)
Feedback Tool (x32 Version: 1.2.0)
GIMP 2.8.0 (Version: 2.8.0)
Google Earth (x32 Version: 6.1.0.5001)
Google Update Helper (x32 Version: 1.3.21.115)
H&R Block Arizona 2010 (x32 Version: 1.10.3101)
H&R Block Deluxe + Efile + State 2010 (x32 Version: 10.04.6402)
IrfanView (remove only) (x32 Version: 4.35)
iTunes (Version: 10.6.1.7)
Java Auto Updater (x32 Version: 2.0.6.1)
Java™ 6 Update 22 (x32 Version: 6.0.220)
Java™ 6 Update 29 (x32 Version: 6.0.290)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 3.0.02)
Legacy 7.5 (x32 Version: 7.5 )
Legacy Charting 7.5 (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Memorex exPressit Label Design Studio (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nations Photo Lab ROES Easy (HKCU)
NTI Backup Now 5 (x32 Version: 5.1.2.628)
NTI Backup Now Standard (x32 Version: 5.1.2.628)
NTI Media Maker 8 (x32 Version: 8.0.12.6630)
Octoshape add-in for Adobe Flash Player (HKCU)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
OverDrive Media Console (x32 Version: 3.2.20)
Paint.NET v3.5.10 (Version: 3.60.0)
pdfsam (x32 Version: 2.2.0)
Photo! Editor 1.1 (x32)
PlayReady PC Runtime amd64 (Version: 1.3.0)
QuickTime (x32 Version: 7.71.80.42)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30095)
REAPER (x64)
Samsung ML-1865W Series (x32)
Sansa Updater (HKCU Version: 1.301)
Skype Toolbars (x32 Version: 5.0.4137)
Skype™ 5.10 (x32 Version: 5.10.116)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 13.2.2.0)
TurboTax 2011 (x32)
TurboTax 2011 waziper (x32 Version: 011.000.1607)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214)
TurboTax 2011 wrapper (x32 Version: 011.000.0121)
TurboTax 2012 (x32 Version: 2012.0)
TurboTax 2012 waziper (x32 Version: 012.000.1264)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2083)
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179)
TurboTax 2012 wrapper (x32 Version: 012.000.0127)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
WebM Media Foundation Components (x32 Version: 1.0.0.0)
Welcome Center (x32 Version: 1.00.3010)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR archiver

==================== Restore Points =========================

10-11-2013 22:56:20 Windows Update
16-11-2013 00:32:57 Windows Update
15-12-2013 20:33:14 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Task: {2B86D8A5-000E-443F-AEAB-F0FFC53A17F8} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2015756887-1103127584-1082043944-1000 => Rundll32.exe portabledeviceapi.dll,#1
Task: {68AFDC20-B7F8-4A15-A5BE-E47E54CFE95F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-29] (Google Inc.)
Task: {694F1864-A9CF-4530-ACAF-A912BE6BDAD8} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Task: {8C28208B-5A7E-4990-82BF-41AB8A92A0F4} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-03] (AVAST Software)
Task: {92288867-3EE8-421E-BE2F-72A27FA7F897} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate
Task: {B0470EE5-B646-445C-B804-21D600DEBE65} - System32\Tasks\{8893D557-8033-44BA-B596-599642D10705} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {D05D20CC-3693-43E2-81C5-F4E6E4957474} - System32\Tasks\{A17DF58C-7216-43F7-AC73-ABA3ED0C3C9F} => C:\Users\Cloroxmartini\Desktop\Utilities\gparted-live-0.6.1-2\utils\win32\syslinux.exe
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Task: {E410865F-C02E-4C32-B547-8C3756A9A46F} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-5X75X => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {E624D197-C6AC-47C1-BC32-EEC5CA304C32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{DC6756DF-1EE6-49E6-A57B-4A5264749130}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2010-08-27 18:30 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-12-15 13:45 - 2013-12-14 05:32 - 02244096 _____ () C:\Program Files\Alwil Software\Avast5\defs\13121400\algo.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MTP USB Device
Description: MTP USB Device
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (Standard MTP Device)
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2013 01:57:17 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16720 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 200

Start Time: 01cef9d4f0001d11

Termination Time: 171

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/15/2013 01:32:40 PM) (Source: Bonjour Service) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1727951219 ticks; setting correction factor to -1722341195

Error: (11/10/2013 04:45:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 04:45:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 04:44:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 04:44:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 04:44:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (11/10/2013 04:43:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/10/2013 04:42:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 04:38:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/15/2013 01:32:43 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/15/2013 01:32:43 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/15/2013 01:32:40 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (11/15/2013 05:16:21 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (11/15/2013 05:16:20 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (11/15/2013 05:16:17 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (11/15/2013 05:16:14 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (11/15/2013 05:16:13 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (11/15/2013 05:16:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (11/10/2013 03:23:49 PM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (12/15/2013 01:57:17 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1672020001cef9d4f0001d11171C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/15/2013 01:32:40 PM) (Source: Bonjour Service)(User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1727951219 ticks; setting correction factor to -1722341195

Error: (11/10/2013 04:45:00 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe

Error: (11/10/2013 04:45:00 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe

Error: (11/10/2013 04:44:59 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe

Error: (11/10/2013 04:44:59 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe

Error: (11/10/2013 04:44:37 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (11/10/2013 04:43:10 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/10/2013 04:42:03 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe

Error: (11/10/2013 04:38:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\Setup.exe


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 2812.05 MB
Available physical RAM: 1241.38 MB
Total Pagefile: 5622.28 MB
Available Pagefile: 3962.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:21.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 08FB7A8D)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=137 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hellocloroxmartini, :wave: Welcome back to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.


Step-1.

Farbar Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Download the attached fixlist.txt file and save it to the same location where the program is. (It should be the desktop)[attachment=68135:fixlist.txt]
  • Please re-open the Farbar Scan tool. To do that:
  • Right click the FRSTT64.exe file to run the program.
  • Press the Fix button just once and wait. The tool will make a log (Fixlog.txt). Please post it in your next reply.
    The Fixlog.txt file can also be found in the same location that the program was run from.


Step-2.

Posted Image OTL Custom Scan

Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.txt on the desktop. Extras.txt will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt file.


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Fixlog.txt log
2. The OTL.txt log
3. The Extras.txt log
4. The aswMBR log
  • 0

#3
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Topic re-opened at user's request.
  • 0

#5
cloroxmartini

cloroxmartini

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts
The Extras.txt log did not show up so it is not included. I ran the scan twice to make sure I ran it correctly and each time no Extras.txt log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2013 02
Ran by Cloroxmartini at 2013-12-21 11:19:56 Run:1
Running from C:\Users\Cloroxmartini\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
MountPoints2: {7e6eb2d1-9eb1-11df-b60e-705ab6154b63} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {aeb11387-3d4e-11df-bff4-705ab6154b63} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {fdf44aa0-9e97-11df-a9a4-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
HKU\Mcx1-5X75X\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu....q={searchTerms}
SearchScopes: HKLM-x32 - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu....q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu....q={searchTerms}
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
Toolbar: HKLM - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
C:\Users\Cloroxmartini\gotomypc_540.exe

*****************

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e6eb2d1-9eb1-11df-b60e-705ab6154b63} => Key deleted successfully.
HKCR\CLSID\{7e6eb2d1-9eb1-11df-b60e-705ab6154b63} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb11387-3d4e-11df-bff4-705ab6154b63} => Key deleted successfully.
HKCR\CLSID\{aeb11387-3d4e-11df-bff4-705ab6154b63} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdf44aa0-9e97-11df-a9a4-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{fdf44aa0-9e97-11df-a9a4-806e6f6e6963} => Key not found.
HKU\Mcx1-5X75X\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} => Key deleted successfully.
HKCR\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key deleted successfully.
HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value deleted successfully.
HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Key not found.
HKCR\PROTOCOLS\Handler\dssrequest => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\PROTOCOLS\Handler\sacore => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\dssrequest => Key not found.
HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\sacore => Key not found.
HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
C:\Users\Cloroxmartini\gotomypc_540.exe => Moved successfully.

==== End of Fixlog ====

OTL logfile created on: 12/21/2013 12:42:44 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cloroxmartini\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 50.80% Memory free
5.49 Gb Paging File | 4.04 Gb Available in Paging File | 73.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 20.37 Gb Free Space | 14.87% Space Free | Partition Type: NTFS

Computer Name: 5X75X | User Name: Cloroxmartini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/20 18:15:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cloroxmartini\Desktop\OTL.exe
PRC - [2013/04/13 06:22:09 | 000,613,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Cloroxmartini\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/21 08:44:00 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/29 12:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 05:03:42 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/09 04:02:47 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/10/01 22:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 02:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/29 15:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 00:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/24 16:20:38 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/25 19:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/18 05:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 07:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 20:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...24z1j5t44k2y553
IE - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\..\SearchScopes,DefaultScope = {E05D00DF-64D8-40E5-8450-FD3CA2C414BE}
IE - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\..\SearchScopes\{E05D00DF-64D8-40E5-8450-FD3CA2C414BE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Windows/system32/drivers/etc/proxy


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/07/14 14:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins

[2011/08/28 14:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cloroxmartini\AppData\Roaming\Mozilla\Extensions
[2011/08/28 14:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cloroxmartini\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010/08/28 17:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cloroxmartini\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/28 14:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cloroxmartini\AppData\Roaming\Mozilla\Sunbird\Profiles\zsavvf4l.default\extensions

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000..\Run: [SansaDispatch] C:\Users\Cloroxmartini\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://ecourt.marico...cludes/smsx.cab (MeadCo ScriptX)
O16 - DPF: {1FDFCFC3-B893-43E1-9138-4A2D2452A551} https://www.t-mobile...Downloader7.cab (Aurigma FileDownloader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3635C02-D12D-48BC-9A31-509F0B7E4AE5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B913B1FA-EC18-4F74-847D-380576156694}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2013/12/21 09:34:23 | 000,000,000 | ---D | C] -- C:\Users\Cloroxmartini\Desktop\Today
[2013/12/21 09:04:13 | 000,000,000 | ---D | C] -- C:\Users\Cloroxmartini\Desktop\FRST-OlderVersion
[2013/12/21 08:52:20 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/21 08:52:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/21 08:52:15 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/21 08:52:10 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/21 08:50:43 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/12/21 08:44:12 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/21 08:44:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/12/21 08:44:03 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/12/21 08:44:03 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/12/21 08:44:03 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/12/21 08:44:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/21 08:44:02 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/21 08:44:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/21 08:44:02 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/12/21 08:44:02 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/21 08:44:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/12/21 08:44:02 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/21 08:44:02 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/12/21 08:44:02 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/12/21 08:44:02 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/21 08:44:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/12/21 08:44:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/12/21 08:44:01 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/21 08:44:01 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/12/21 08:44:01 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/12/21 08:44:01 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/21 08:44:01 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/21 08:44:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/21 08:44:01 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/21 08:44:01 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/12/21 08:44:01 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/12/21 08:44:01 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/12/21 08:44:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/12/21 08:44:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/12/21 08:44:01 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/12/21 08:44:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/12/21 08:44:01 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/12/21 08:44:01 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/12/21 08:44:01 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/12/21 08:44:01 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/21 08:44:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/12/21 08:44:01 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/12/21 08:44:01 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/12/21 08:44:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/12/21 08:44:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/12/21 08:44:01 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/12/21 08:44:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/12/21 08:44:01 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/12/21 08:44:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/21 08:44:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/12/21 08:44:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/12/21 08:44:01 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/12/21 08:44:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/12/21 08:44:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/12/21 08:44:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/12/21 08:44:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/21 08:44:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/12/21 08:44:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/12/21 08:44:00 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/21 08:44:00 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/12/21 08:44:00 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/21 08:44:00 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/21 08:44:00 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/21 08:44:00 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/12/21 08:44:00 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/21 08:44:00 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/21 08:44:00 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/21 08:44:00 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/12/21 08:44:00 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/12/21 08:44:00 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/12/21 08:44:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/21 08:44:00 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/12/21 08:44:00 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/21 08:44:00 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/12/21 08:44:00 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/21 08:44:00 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/12/21 08:44:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/12/21 08:44:00 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/21 08:44:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/12/21 08:44:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/21 08:44:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/12/21 08:44:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/21 08:44:00 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/12/21 08:44:00 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/12/21 08:44:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/15 18:55:48 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/15 18:55:48 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/15 18:55:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/15 18:55:23 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/15 18:55:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/15 18:55:04 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/15 18:55:04 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/15 18:55:02 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/15 18:55:01 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/15 18:55:01 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/15 18:55:01 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/15 18:54:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/15 18:54:59 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/15 16:28:01 | 000,000,000 | ---D | C] -- C:\Users\Cloroxmartini\Desktop\Camera
[2013/12/15 16:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/12/15 16:04:24 | 000,000,000 | ---D | C] -- C:\Users\Cloroxmartini\Desktop\USB Drivers
[2013/12/15 14:28:32 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/15 14:27:36 | 002,193,141 | ---- | C] (Farbar) -- C:\Users\Cloroxmartini\Desktop\FRST64.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/21 11:19:37 | 002,193,141 | ---- | M] (Farbar) -- C:\Users\Cloroxmartini\Desktop\FRST64.exe
[2013/12/21 09:35:37 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/21 09:35:37 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/21 09:35:37 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/21 09:27:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/21 09:27:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/21 09:20:30 | 000,424,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/21 09:20:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/21 09:19:37 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/21 08:44:12 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/21 08:44:12 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/12/21 08:44:03 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/12/21 08:44:03 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/21 08:44:03 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/12/21 08:44:03 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/12/21 08:44:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/21 08:44:02 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/21 08:44:02 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/21 08:44:02 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/12/21 08:44:02 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/12/21 08:44:02 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/21 08:44:02 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/12/21 08:44:02 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/12/21 08:44:02 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/12/21 08:44:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/21 08:44:02 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/12/21 08:44:02 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/12/21 08:44:02 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/21 08:44:01 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/21 08:44:01 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/12/21 08:44:01 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/12/21 08:44:01 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/21 08:44:01 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/21 08:44:01 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/21 08:44:01 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/21 08:44:01 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/12/21 08:44:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/12/21 08:44:01 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/12/21 08:44:01 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/12/21 08:44:01 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/12/21 08:44:01 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/12/21 08:44:01 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/12/21 08:44:01 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/12/21 08:44:01 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/12/21 08:44:01 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/12/21 08:44:01 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/21 08:44:01 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/12/21 08:44:01 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/12/21 08:44:01 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/12/21 08:44:01 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/12/21 08:44:01 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/12/21 08:44:01 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/12/21 08:44:01 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/12/21 08:44:01 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/12/21 08:44:01 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/21 08:44:01 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/12/21 08:44:01 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/12/21 08:44:01 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/12/21 08:44:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/12/21 08:44:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/12/21 08:44:01 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/21 08:44:01 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/12/21 08:44:01 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/12/21 08:44:00 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/21 08:44:00 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/12/21 08:44:00 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/21 08:44:00 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/21 08:44:00 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/21 08:44:00 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/12/21 08:44:00 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/21 08:44:00 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/21 08:44:00 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/21 08:44:00 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/12/21 08:44:00 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/12/21 08:44:00 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/12/21 08:44:00 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/21 08:44:00 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/12/21 08:44:00 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/21 08:44:00 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/12/21 08:44:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/21 08:44:00 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/12/21 08:44:00 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/12/21 08:44:00 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/21 08:44:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/12/21 08:44:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/21 08:44:00 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/12/21 08:44:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/21 08:44:00 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/12/21 08:44:00 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/21 08:44:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/12/21 08:44:00 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/15 16:01:30 | 019,780,425 | ---- | M] () -- C:\Users\Cloroxmartini\Desktop\usb_drivers_GalaxyS_x64.zip
[2013/11/23 11:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/11/23 10:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/21 08:44:02 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/21 08:44:00 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/15 15:58:42 | 019,780,425 | ---- | C] () -- C:\Users\Cloroxmartini\Desktop\usb_drivers_GalaxyS_x64.zip
[2012/08/06 20:51:07 | 000,005,306 | ---- | C] () -- C:\Users\Cloroxmartini\AppData\Local\recently-used.xbel
[2012/07/29 13:37:36 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2012/02/18 14:24:14 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/05/08 20:54:37 | 000,000,000 | ---- | C] () -- C:\Users\Cloroxmartini\AppData\Local\{0D703953-C903-4E8D-969B-97700EE51BB4}
[2011/04/10 19:25:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/21 21:57:12 | 000,001,020 | ---- | C] () -- C:\Users\Cloroxmartini\AppData\Roaming\TC3-HighScores.cfg
[2010/11/21 21:57:12 | 000,000,058 | ---- | C] () -- C:\Users\Cloroxmartini\AppData\Roaming\TC3-Options.cfg
[2010/11/10 18:14:44 | 000,003,584 | ---- | C] () -- C:\Users\Cloroxmartini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 21:06:42 | 000,000,151 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/25 21:24:54 | 000,001,264 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/04/22 21:41:04 | 000,004,141 | ---- | C] () -- C:\Users\Cloroxmartini\mirror.RPP
[2010/04/22 21:32:48 | 000,004,040 | ---- | C] () -- C:\Users\Cloroxmartini\manhatten.RPP
[2010/04/22 20:24:25 | 040,037,452 | ---- | C] () -- C:\Users\Cloroxmartini\Ellipse mix 1.wav
[2010/04/22 20:17:02 | 000,005,025 | ---- | C] () -- C:\Users\Cloroxmartini\ellipse mix.RPP-bak
[2010/04/22 20:17:02 | 000,005,019 | ---- | C] () -- C:\Users\Cloroxmartini\ellipse mix.RPP
[2010/04/22 19:59:23 | 044,031,388 | ---- | C] () -- C:\Users\Cloroxmartini\wrong mixed 1.wav
[2010/04/22 19:50:40 | 000,005,629 | ---- | C] () -- C:\Users\Cloroxmartini\wrong mixed 1.RPP-bak
[2010/04/22 19:50:40 | 000,004,977 | ---- | C] () -- C:\Users\Cloroxmartini\wrong mixed 1.RPP
[2010/04/22 18:35:03 | 000,004,882 | ---- | C] () -- C:\Users\Cloroxmartini\traffic mixed 1.RPP
[2010/04/22 18:35:03 | 000,004,826 | ---- | C] () -- C:\Users\Cloroxmartini\traffic mixed 1.RPP-bak
[2010/04/22 18:15:04 | 041,395,528 | ---- | C] () -- C:\Users\Cloroxmartini\ros mast 1.wav
[2010/04/22 18:05:20 | 000,005,648 | ---- | C] () -- C:\Users\Cloroxmartini\ros mast 1.RPP
[2010/04/22 18:05:20 | 000,005,646 | ---- | C] () -- C:\Users\Cloroxmartini\ros mast 1.RPP-bak
[2010/04/19 21:34:26 | 000,004,809 | ---- | C] () -- C:\Users\Cloroxmartini\ros.RPP
[2010/04/03 17:46:08 | 000,009,319 | ---- | C] () -- C:\Users\Cloroxmartini\test.RPP
[2010/04/02 22:54:37 | 000,214,016 | ---- | C] () -- C:\Users\Cloroxmartini\AppData\Roaming\le329ks.pref
[2010/04/02 22:54:37 | 000,003,232 | ---- | C] () -- C:\Users\Cloroxmartini\AppData\Roaming\Battlefield Cribbage.pref
[2010/04/01 20:28:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/31 23:02:40 | 000,001,086 | ---- | C] () -- C:\Users\Cloroxmartini\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/04/25 14:39:11 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\acccore
[2010/03/29 13:19:19 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Acer
[2012/08/05 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Amazon
[2011/05/15 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\AnvSoft
[2013/03/09 15:23:34 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Ashampoo
[2010/07/24 11:57:45 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\avidemux
[2010/11/15 21:46:04 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\BitComet
[2011/05/12 19:18:01 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Blender Foundation
[2011/05/06 22:04:16 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\DAZ 3D
[2013/03/10 12:21:43 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\dvdae
[2012/07/18 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\DVDVideoSoft
[2011/01/16 11:00:38 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\EuroTalk
[2012/07/19 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\GetRightToGo
[2011/07/16 13:09:51 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\gtk-2.0
[2011/07/17 08:57:14 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\inkscape
[2013/06/06 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\IrfanView
[2010/03/29 13:19:15 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Leadertech
[2011/01/27 18:49:32 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Millennia
[2012/07/09 17:50:25 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\NCH Swift Sound
[2010/05/15 14:30:11 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\NVD
[2010/04/03 16:08:49 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\OpenOffice.org
[2013/08/25 15:13:39 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\OverDrive
[2010/12/13 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\PhotoScape
[2010/08/27 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Publish Providers
[2010/12/19 09:43:28 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\REAPER
[2011/01/16 11:10:59 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\SanDisk
[2011/06/04 13:54:05 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Singlesnet
[2010/11/08 20:23:44 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\SoftGrid Client
[2010/08/18 19:57:39 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Softland
[2012/05/06 17:58:26 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\SoftMaker
[2010/08/27 19:28:57 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Sony
[2011/04/10 18:19:15 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\TaxCut
[2010/03/31 23:03:34 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Template
[2010/05/15 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\TP
[2010/12/26 12:19:19 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\vghd
[2010/08/03 05:56:20 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Western Digital
[2010/08/02 21:06:49 | 000,000,000 | ---D | M] -- C:\Users\Cloroxmartini\AppData\Roaming\Western DigitalTemp

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 06:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 06:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 06:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 06:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 06:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 06:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 06:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 06:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 06:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 06:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 06:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 06:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 06:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 06:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 06:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Users\Cloroxmartini\AppData\Local\Temp\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/17 18:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 18:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SERVICES.SBS >
[2013/07/16 13:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is EC20-D3F8
Directory of C:\
07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Cloroxmartini
03/29/2010 01:12 PM <JUNCTION> Application Data [C:\Users\Cloroxmartini\AppData\Roaming]
03/29/2010 01:12 PM <JUNCTION> Cookies [C:\Users\Cloroxmartini\AppData\Roaming\Microsoft\Windows\Cookies]
03/29/2010 01:12 PM <JUNCTION> Local Settings [C:\Users\Cloroxmartini\AppData\Local]
03/29/2010 01:12 PM <JUNCTION> My Documents [C:\Users\Cloroxmartini\Documents]
03/29/2010 01:12 PM <JUNCTION> NetHood [C:\Users\Cloroxmartini\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/29/2010 01:12 PM <JUNCTION> PrintHood [C:\Users\Cloroxmartini\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/29/2010 01:12 PM <JUNCTION> Recent [C:\Users\Cloroxmartini\AppData\Roaming\Microsoft\Windows\Recent]
03/29/2010 01:12 PM <JUNCTION> SendTo [C:\Users\Cloroxmartini\AppData\Roaming\Microsoft\Windows\SendTo]
03/29/2010 01:12 PM <JUNCTION> Start Menu [C:\Users\Cloroxmartini\AppData\Roaming\Microsoft\Windows\Start Menu]
03/29/2010 01:12 PM <JUNCTION> Templates [C:\Users\Cloroxmartini\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Cloroxmartini\AppData\Local
03/29/2010 01:12 PM <JUNCTION> Application Data [C:\Users\Cloroxmartini\AppData\Local]
03/29/2010 01:12 PM <JUNCTION> History [C:\Users\Cloroxmartini\AppData\Local\Microsoft\Windows\History]
03/29/2010 01:12 PM <JUNCTION> Temporary Internet Files [C:\Users\Cloroxmartini\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Cloroxmartini\AppData\LocalLow
08/12/2010 05:25 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Cloroxmartini\Documents
03/29/2010 01:12 PM <JUNCTION> My Music [C:\Users\Cloroxmartini\Music]
03/29/2010 01:12 PM <JUNCTION> My Pictures [C:\Users\Cloroxmartini\Pictures]
03/29/2010 01:12 PM <JUNCTION> My Videos [C:\Users\Cloroxmartini\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-5X75X
04/10/2011 08:16 PM <JUNCTION> Application Data [C:\Users\Mcx1-5X75X\AppData\Roaming]
04/10/2011 08:16 PM <JUNCTION> Cookies [C:\Users\Mcx1-5X75X\AppData\Roaming\Microsoft\Windows\Cookies]
04/10/2011 08:16 PM <JUNCTION> Local Settings [C:\Users\Mcx1-5X75X\AppData\Local]
04/10/2011 08:16 PM <JUNCTION> My Documents [C:\Users\Mcx1-5X75X\Documents]
04/10/2011 08:16 PM <JUNCTION> NetHood [C:\Users\Mcx1-5X75X\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/10/2011 08:16 PM <JUNCTION> PrintHood [C:\Users\Mcx1-5X75X\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/10/2011 08:16 PM <JUNCTION> Recent [C:\Users\Mcx1-5X75X\AppData\Roaming\Microsoft\Windows\Recent]
04/10/2011 08:16 PM <JUNCTION> SendTo [C:\Users\Mcx1-5X75X\AppData\Roaming\Microsoft\Windows\SendTo]
04/10/2011 08:16 PM <JUNCTION> Start Menu [C:\Users\Mcx1-5X75X\AppData\Roaming\Microsoft\Windows\Start Menu]
04/10/2011 08:16 PM <JUNCTION> Templates [C:\Users\Mcx1-5X75X\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-5X75X\AppData\Local
04/10/2011 08:16 PM <JUNCTION> Application Data [C:\Users\Mcx1-5X75X\AppData\Local]
04/10/2011 08:16 PM <JUNCTION> History [C:\Users\Mcx1-5X75X\AppData\Local\Microsoft\Windows\History]
04/10/2011 08:16 PM <JUNCTION> Temporary Internet Files [C:\Users\Mcx1-5X75X\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-5X75X\Documents
04/10/2011 08:16 PM <JUNCTION> My Music [C:\Users\Mcx1-5X75X\Music]
04/10/2011 08:16 PM <JUNCTION> My Pictures [C:\Users\Mcx1-5X75X\Pictures]
04/10/2011 08:16 PM <JUNCTION> My Videos [C:\Users\Mcx1-5X75X\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
67 Dir(s) 22,305,169,408 bytes free

< End of report >

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-21 13:03:03
-----------------------------
13:03:03.138 OS Version: Windows x64 6.1.7601 Service Pack 1
13:03:03.138 Number of processors: 1 586 0x7C02
13:03:03.154 ComputerName: 5X75X UserName:
13:03:05.852 Initialize success
13:03:12.155 AVAST engine defs: 13122100
13:03:38.285 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:03:38.285 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
13:03:38.456 Disk 0 MBR read successfully
13:03:38.472 Disk 0 MBR scan
13:03:38.488 Disk 0 Windows 7 default MBR code
13:03:38.519 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
13:03:38.534 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
13:03:38.566 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700
13:03:38.612 Disk 0 scanning C:\Windows\system32\drivers
13:04:05.538 Service scanning
13:04:51.855 Modules scanning
13:04:51.886 Disk 0 trace - called modules:
13:04:51.964 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:04:52.510 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003093060]
13:04:52.541 3 CLASSPNP.SYS[fffff8800191a43f] -> nt!IofCallDriver -> [0xfffffa8003098e40]
13:04:52.557 5 ACPI.sys[fffff88000f7c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003052680]
13:04:53.586 AVAST engine scan C:\Windows
13:04:58.375 AVAST engine scan C:\Windows\system32
13:09:47.842 AVAST engine scan C:\Windows\system32\drivers
13:10:12.817 AVAST engine scan C:\Users\Cloroxmartini
13:11:40.864 Disk 0 MBR has been saved successfully to "C:\Users\Cloroxmartini\Desktop\MBR.dat"
13:11:40.879 The log file has been saved successfully to "C:\Users\Cloroxmartini\Desktop\aswMBR.txt"
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks fo the logs. The aswMBR scan shows your MBR to be OK. As for the Extras.txt log, it is only produced on the first run of OTL. Since the log you posted was run #3 and you said that you ran it two times, unless OTL has been run in the past and wasn't cleaned up properly I can't explain why it didn't start with run #1. At any rate we will force OTL to gice us an Extras.txt log. And we will get an additional scan.


Step-1.

Posted Image OTL Scan

Please re-open Posted Image on the desktop. To do that:
  • Vista /7 users: right click the icon and click Run as Administrator.
Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
  • At the top of the console click the greyed out None button<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the circle beside Use Safelist.<---Very Important
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. Delete this file as we don't need it. The Extras.Txt file will be minimized on the taskbar.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste.This will paste the contents of the .txt file in the in the post window.

Step-2.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Extras.txt log
2. The AdwCleaner[S0].txt log
  • 0

#7
cloroxmartini

cloroxmartini

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts
OTL Extras logfile created on: 12/21/2013 2:11:09 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cloroxmartini\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 62.25% Memory free
5.49 Gb Paging File | 4.04 Gb Available in Paging File | 73.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 20.68 Gb Free Space | 15.10% Space Free | Partition Type: NTFS

Computer Name: 5X75X | User Name: Cloroxmartini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015EF2CF-808C-4FBB-A4F3-389611FE9E9E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{02DA05AB-632D-4424-AF91-1C7AC43978F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{04D497F9-F901-429D-BD9B-59575E64FDBC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0520A4C5-B0F4-455B-9674-7714ABE3132E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1970F9C6-761B-40B7-96B3-54859A6830CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1B468ED5-7A9A-43B3-82FF-BA6E12A103E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C9301AC-D74A-4100-9EED-D56BD6C1FA5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1E353462-7E98-4EB7-A040-5179EA3A3036}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3A787D5A-E3CE-4E5B-80C9-0C0CCFC85D56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3D443882-2F65-43E8-A92E-70C7EB88920A}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{423C782B-92D2-4D26-991B-341B763A1C84}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{43EF29DC-168B-4357-A107-8E9B97BC67F8}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{459A3B6F-FC92-498D-82DD-D897F51116CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{4730249B-8ACA-4571-AFF1-A00BFF71C8F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{548FB08A-A69D-4F60-AABB-C3A479A8E4DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56D96497-667E-4024-892A-27439EA90D35}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{5AC1487A-2841-4D54-A071-3B8FDCED938C}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5ACA3A62-DF16-4AD3-BC18-B0D8B9B06685}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5FD89166-6870-4F62-9864-8DAE625CF654}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6926AF0C-F410-4947-9652-F689A9240F97}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69BE8D5E-2D2C-4891-AE56-B2109D7A6ACB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6A7D9361-F9F5-4F65-99E8-35CACB92C0EE}" = lport=19832 | protocol=17 | dir=in | name=bitcomet 19832 udp |
"{6DD4BA24-4F23-4C37-8CF4-A543FBC7AA98}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E42E8DF-5851-440F-BDB5-18F11A0DCBB6}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{7F42ACCA-5A72-48A4-9143-48C231B43582}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{8287C878-CA20-44C9-800E-60B4A3F0BE6B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88127490-DA06-4A6C-A32F-569996135566}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9853234F-A828-4982-9EAC-F50CE9DF5C62}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9F147DA0-94F4-43ED-8FAE-BBED573D14F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A5CEA93F-5232-404F-BF59-9433631A7B5D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AC6CC92E-2F60-48F4-BAAB-06917CA9FA61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C14C29DE-D130-46A0-B218-8B1D5DBDA26E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C4274E18-1415-418E-B060-8EC24A251EF1}" = lport=19832 | protocol=6 | dir=in | name=bitcomet 19832 tcp |
"{C4BB95C3-012D-4EC6-8695-6C550C614933}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E36A5EDE-287F-4ACC-A9FE-1A7369CD1339}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E41100A1-DA01-42AB-8686-77BA3B527809}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E42DBA8A-EA45-4D67-8687-0554618F3126}" = lport=3390 | protocol=6 | dir=in | app=system |
"{E8BFCA60-ED4B-42D8-8880-060AA6A7E0F9}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{EBA14227-F349-4ECB-BECF-2384A5A28A5C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F60858F6-582D-4867-98B0-51DC0347CACD}" = lport=3390 | protocol=6 | dir=in | app=system |
"{FA7392A1-4FE4-4FAB-AD01-A9003863622C}" = lport=10244 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052E1B21-23BF-488F-8A7C-F0B269396C49}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{0556063D-BF09-4EAA-BF3B-8BBC94C84F5C}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{07DA799B-5267-4134-B60A-5131A856155E}" = protocol=6 | dir=out | app=system |
"{0FB8DD9A-57B9-418E-8F38-52B5B32D3F95}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{10211DEB-4B05-465A-A6DD-7CD4BE49A0A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{194F03A5-926F-4BE6-A9C0-085D88DFE101}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1CC8FFE8-B3DD-4BB2-8EEB-07EDCC6BDE8C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{250B9B2B-D87A-4EA2-A342-B878A9D5CE20}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25651721-C008-48A2-96EB-D9FA1FF5C3F2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3192CBD1-EFF7-4125-A057-6C76ADEE0B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3749B178-3A62-4A77-8CB9-D2375EE02FF7}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{384F0CBC-FF0A-4BC2-B556-A4C6CE3D162A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4F2203F4-DE9C-4AA4-AF4B-ABB0E5ADE389}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{50416B72-E9B3-4E8A-AEB5-26DEC22D4BA7}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{57D2F4FE-5BC7-489E-B8BC-DD8D58DC7EA2}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{59EC3A38-B859-40CA-8C93-607625DE19C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A58714D-9BDC-4B3C-82E1-98C1ADD6B7F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F3EE0F5-2357-4742-AFA2-78784ED90893}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{62B5B5AA-FA64-4429-AB1F-731E16983F6D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{687C0351-BBDE-4B21-8D5B-142039C3EF31}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{6DABC9C6-D52D-4526-B03D-25D07B9C023C}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{70333859-17AA-4D0A-A171-906B26E6458A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{75205F3E-85CA-4200-AF15-2837D9F5BB3B}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{798BCB2C-D10C-43F3-B767-D05E21C5DB57}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{7D2F03E6-91B9-4E59-9D62-5FF6C00F8EE0}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{84ECDE78-FB5A-453E-BFF3-654FC9EC55E7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85DA6A17-0439-431A-9922-948142C04837}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{88DC9CB8-0591-4963-B8D5-0A31EB2B170C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{893CC9AE-AA78-4F3D-978B-06C8FBDB2D24}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8C5088FC-DC9C-478E-9497-4440B5F1546F}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8D52B94A-0D56-4D46-AC18-DA990061312A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9120CC17-F7D1-42A9-9C0D-B8B8FEF664A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{942DA67D-9FC6-4EFA-AB13-1FBC9D4D707D}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{96FC77BA-C5AF-4113-9185-8CD6D7FE87FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A12CDBDF-841F-4D8D-B3B6-8D6E2BD003C4}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{A338E192-7CA8-49AA-8D4C-CA0892EBAD2C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B1455065-03AE-4F82-9568-6C77CDA07891}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C68DBDE1-C06A-41B6-A970-EF241C81AF43}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CE6A607A-EBD5-4EDB-B7F2-B4113D3472B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D95A2B93-B75A-476C-8013-7BD3AE2FED3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE0F03C0-B7DC-4DAB-978C-ECC08E922F99}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E704ACE5-DF28-4A66-8BC1-423647BDB3D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E70F9BAC-91B1-4CE1-B78A-786338159F26}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{E98B79F7-64F6-445A-986D-D6E5A206FF2A}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{E9EA64C9-DF43-4F7B-88E6-5A86340943D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EE872801-3A4B-46C0-BAF7-4D4B69FA4DDF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2BEEF63-0EA5-4643-861D-24CA5D38311E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{54A87C1C-64E8-412A-BC2E-E4E26DBCCD78}C:\users\cloroxmartini\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\cloroxmartini\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{89102B3B-EAC6-48FD-8431-E488D507D854}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{89CA933C-17E7-48A3-A9DC-C6B0419202BB}C:\program files\reaper (x64)\reamote.exe" = protocol=6 | dir=in | app=c:\program files\reaper (x64)\reamote.exe |
"TCP Query User{9D1E0A93-EA8B-45E3-A40C-9C812BF6E1B7}C:\legacy\familysearch\legacyfs.exe" = protocol=6 | dir=in | app=c:\legacy\familysearch\legacyfs.exe |
"TCP Query User{AAFBE587-A0FD-48CB-A556-33C746727D9D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{6DB36A6C-E109-4755-B687-8D7D245E9156}C:\program files\reaper (x64)\reamote.exe" = protocol=17 | dir=in | app=c:\program files\reaper (x64)\reamote.exe |
"UDP Query User{7840877F-839D-4A51-97BD-29D89BAD960F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{9409AE70-17AB-42B9-B693-F7B7A6546D01}C:\legacy\familysearch\legacyfs.exe" = protocol=17 | dir=in | app=c:\legacy\familysearch\legacyfs.exe |
"UDP Query User{99912FC8-3B76-4991-A984-81CEBFDB003E}C:\users\cloroxmartini\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\cloroxmartini\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{DD4083C2-CCB7-4863-94B2-616280E384F3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
"{E6459059-B943-4770-9EE4-180F70B765F4}" = Canon D460-490
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"doPDF 7 printer_is1" = doPDF 7.1 printer
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"REAPER" = REAPER (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B8273C2-01EC-402E-8160-88A5A21E27A2}" = H&R Block Arizona 2010
"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8A5CC6AC-5807-4348-B963-87CE46DACA3F}" = TurboTax 2011 waziper
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1C2F918-9852-4BCB-BCC1-F837D8C70182}" = TurboTax 2012 waziper
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26615EF-AF0A-486C-99C9-B65C8C401EBC}" = EuroTalk Talk Now!
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"avast" = avast! Free Antivirus
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"IrfanView" = IrfanView (remove only)
"Legacy 7.5" = Legacy 7.5
"LegacyChart7_is1" = Legacy Charting 7.5
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MVApplication1" = Memorex exPressit Label Design Studio
"pdfsam" = pdfsam
"PhotoToolkit_is1" = Photo! Editor 1.1
"Samsung ML-1865W Series" = Samsung ML-1865W Series
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"webmmf" = WebM Media Foundation Components
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2015756887-1103127584-1082043944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Nations Photo Lab ROES Easy" = Nations Photo Lab ROES Easy
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2012 2:19:30 PM | Computer Name = 5x75x | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/18/2012 2:19:42 PM | Computer Name = 5x75x | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/18/2012 2:19:42 PM | Computer Name = 5x75x | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/18/2012 2:19:42 PM | Computer Name = 5x75x | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/18/2012 2:19:42 PM | Computer Name = 5x75x | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/18/2012 2:24:23 PM | Computer Name = 5x75x | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/18/2012 2:44:15 PM | Computer Name = 5x75x | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/18/2012 3:24:25 PM | Computer Name = 5x75x | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/18/2012 3:44:17 PM | Computer Name = 5x75x | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/18/2012 4:24:27 PM | Computer Name = 5x75x | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 4/10/2011 11:12:05 PM | Computer Name = 5x75x | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 4/10/2011 11:15:05 PM | Computer Name = 5x75x | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 4/14/2011 9:22:08 PM | Computer Name = 5x75x | Source = MCUpdate | ID = 0
Description = 6:22:08 PM - Error connecting to the internet. 6:22:08 PM - Unable
to contact server..

Error - 4/14/2011 9:22:20 PM | Computer Name = 5x75x | Source = MCUpdate | ID = 0
Description = 6:22:13 PM - Error connecting to the internet. 6:22:13 PM - Unable
to contact server..

Error - 5/13/2011 8:39:12 PM | Computer Name = 5x75x | Source = MCUpdate | ID = 0
Description = 5:39:04 PM - Error connecting to the internet. 5:39:04 PM - Unable
to contact server..

Error - 6/3/2011 2:16:14 PM | Computer Name = 5x75x | Source = MCUpdate | ID = 0
Description = 11:16:10 AM - Error connecting to the internet. 11:16:10 AM - Unable
to contact server..

Error - 6/4/2011 4:28:13 PM | Computer Name = 5x75x | Source = MCUpdate | ID = 0
Description = 1:28:13 PM - Error connecting to the internet. 1:28:13 PM - Unable
to contact server..

Error - 6/4/2011 4:28:49 PM | Computer Name = 5x75x | Source = MCUpdate | ID = 0
Description = 1:28:39 PM - Error connecting to the internet. 1:28:39 PM - Unable
to contact server..

Error - 6/4/2011 11:45:24 PM | Computer Name = 5x75x | Source = MCUpdate | ID = 0
Description = 8:45:23 PM - Failed to retrieve SportsSchedule (Error: The remote
name could not be resolved: 'data.tvdownload.microsoft.com')

Error - 6/8/2011 11:05:52 PM | Computer Name = 5x75x | Source = MCUpdate | ID = 0
Description = 8:05:51 PM - Error connecting to the internet. 8:05:51 PM - Unable
to contact server..

[ System Events ]
Error - 12/15/2013 6:27:28 PM | Computer Name = 5x75x | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/15/2013 6:28:45 PM | Computer Name = 5x75x | Source = Microsoft-Windows-DriverFrameworks-UserMode | ID = 10101
Description = The driver package installation has failed. The final status was
258.

Error - 12/21/2013 11:27:52 AM | Computer Name = 5x75x | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/21/2013 11:27:55 AM | Computer Name = 5x75x | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/21/2013 11:27:55 AM | Computer Name = 5x75x | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/21/2013 12:20:21 PM | Computer Name = 5x75x | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/21/2013 12:20:21 PM | Computer Name = 5x75x | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/21/2013 12:20:21 PM | Computer Name = 5x75x | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/21/2013 12:20:21 PM | Computer Name = 5x75x | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/21/2013 12:28:11 PM | Computer Name = 5x75x | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for
Windows 7 Service Pack 1 for x64-based Systems (KB2898785).


< End of report >


# AdwCleaner v3.015 - Report created 21/12/2013 at 14:33:23
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cloroxmartini - 5X75X
# Running from : C:\Users\Cloroxmartini\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\vghd
Folder Found C:\ProgramData\FreeRIP
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\Cloroxmartini\AppData\Roaming\NCH Software
Folder Found C:\Users\Cloroxmartini\AppData\Roaming\vghd

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\searchqutb
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\MGShareware
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\SearchquMediabarTb
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\MGShareware
Key Found : [x64] HKCU\Software\NCH Software
Key Found : [x64] HKCU\Software\SearchquMediabarTb
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\MGShareware
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


*************************

AdwCleaner[R0].txt - [3606 octets] - [21/12/2013 14:33:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3666 octets] ##########
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks. Let's see what we can do.

Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar(gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, close all open windows and browsers and right click on MicrosoftFixit50906.msi and click Run as Administrator. OK any UAC prompts then follow the prompts >> reboot your machine if not advised to do so.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon Posted Image
    and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKU\S-1-5-21-2015756887-1103127584-1082043944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Windows/system32/drivers/etc/proxy
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
C:\Users\Cloroxmartini\AppData\Roaming\BitComet

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Before running Steps 4 and 5 please disable any screen saver you have running.


Step-4.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

Right click the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue or OK button on the UAC window. You will now be at the main program as shown below.

Posted Image

  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-5.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The OTL fixes log
4. The MalwareBytes log
6. The ESET scan log (IF it found anything). If it didn't just let me know.
7. How is the computer running now?
  • 0

#9
cloroxmartini

cloroxmartini

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts
# AdwCleaner v3.015 - Report created 22/12/2013 at 15:55:21
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cloroxmartini - 5X75X
# Running from : C:\Users\Cloroxmartini\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FreeRIP
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\vghd
Folder Deleted : C:\Users\Cloroxmartini\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Cloroxmartini\AppData\Roaming\vghd

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\MGShareware
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\SearchquMediabarTb
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutb
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MGShareware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


*************************

AdwCleaner[R0].txt - [3806 octets] - [21/12/2013 14:33:23]
AdwCleaner[R1].txt - [3866 octets] - [22/12/2013 15:53:02]
AdwCleaner[S0].txt - [3598 octets] - [22/12/2013 15:55:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3658 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Cloroxmartini on Sun 12/22/2013 at 16:03:48.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{0640E3C4-586B-4BD5-8F83-6540CA2EAC5F}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{0EB1E7C6-2ED5-46F6-A47D-AFBF2246ACB4}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{1C47E191-6761-4E21-9F2C-7AD79941E16D}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{1E0D666A-37A1-4443-BC8A-CDE2A067AD3F}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{22E6A8EE-B86F-4BE8-A61B-109527C38427}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{2338C088-C0E9-46C8-8A05-F8C66EA0D067}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{247ECCB5-B538-4ABA-9CDC-7D430E185519}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{36ADA646-D997-4A31-BEED-745D26ACF925}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{3ABF0033-71B1-4569-AB14-3F46BF021B32}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{5281AEE4-B896-4544-8C43-D0730A6B8081}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{67F7E73F-C033-4A84-B232-A69AF3A1D72C}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{748B758F-E721-4002-95B1-9A003A3C4C99}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{7595383F-8E3C-4426-AD53-81EF5C9DC144}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{77F9C79E-1DD7-410D-BD1B-7411BA82798F}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{98875E8F-F66C-4B4E-86A8-009A00AEE3CC}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{98CC73A0-3FB2-4C85-90F8-E95C151BB663}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{B85BAE3C-E04F-4F23-B911-47EB21DED03A}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{BE2C9C2B-286F-456D-B39E-B84FFCDCA8F1}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{C05CC2DC-D877-44C7-A78E-305382C06E82}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{CAB6D3F7-CFC9-4413-84AD-B5EBF3C97F25}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{DBFFE7D2-F14E-45A9-A109-ACEF41A9904C}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{E6CFF2AC-D5D0-4096-B131-105077218F4F}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{E7C52541-927F-4CE1-8E20-4965FF89D6B7}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{F5971503-B47E-44AA-8D45-A790E8B5E1CA}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{F979185F-245A-44D4-9498-F060DD06E7C8}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{FCB3E128-98A0-49F5-BCE4-09E12744AD07}
Successfully deleted: [Empty Folder] C:\Users\Cloroxmartini\appdata\local\{FE6F58B4-20CE-44CD-9D7D-9F1FA47E37EA}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/22/2013 at 16:22:10.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2015756887-1103127584-1082043944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\Windows\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Cloroxmartini\Desktop\cmd.bat deleted successfully.
C:\Users\Cloroxmartini\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Cloroxmartini\Desktop\cmd.bat deleted successfully.
C:\Users\Cloroxmartini\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Cloroxmartini\Desktop\cmd.bat deleted successfully.
C:\Users\Cloroxmartini\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cloroxmartini
->Temp folder emptied: 12937444 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 5612282 bytes
->Flash cache emptied: 1229384 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-5X75X
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 217919 bytes

User: Public

%systemdrive% .tmp files removed: 56096 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89297937 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95269 bytes
RecycleBin emptied: 528 bytes

Total Files Cleaned = 104.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12222013_164924

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
File\Folder C:\Users\Cloroxmartini\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\US3OBIIP\ticles;ugc=0;lvl=4;tyn=1;sz=160x600;;u=cat-homegarden_scat-homeappliances_sscat-otherhomeappliances_dmd-0EA28DA8-EECD-4350-9601-EEB457FA31F2;tile=3;ord=6357050631797[1].js not found!
File\Folder C:\Users\Cloroxmartini\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\RZ4JE4ZR\;ugc=0;lvl=4;tyn=1;sz=990x90,728x90;;u=cat-homegarden_scat-homeappliances_sscat-otherhomeappliances_dmd-0EA28DA8-EECD-4350-9601-EEB457FA31F2;tile=2;ord=6357050631797[1].js not found!
File\Folder C:\Users\Cloroxmartini\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\RZ4JE4ZR\gc=0;lvl=4;tyn=1;sz=300x250,300x600;;u=cat-homegarden_scat-homeappliances_sscat-otherhomeappliances_dmd-0EA28DA8-EECD-4350-9601-EEB457FA31F2;tile=4;ord=6357050631797[1].js not found!
File\Folder C:\Users\Cloroxmartini\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\NW9T2K3R\0%253B%253Bu%253Dcat-homegarden_scat-homeappliances_sscat-otherhomeappliances_dmd-0EA28DA8-EECD-4350-9601-EEB457FA31F2%253Btile%253D2%253Bord%253D6357050631797%253F[1].htm not found!
File\Folder C:\Users\Cloroxmartini\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\NW9T2K3R\ticles;ugc=0;lvl=4;tyn=1;sz=300x250;;u=cat-homegarden_scat-homeappliances_sscat-otherhomeappliances_dmd-0EA28DA8-EECD-4350-9601-EEB457FA31F2;tile=5;ord=6357050631797[1].js not found!
C:\Users\Cloroxmartini\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Cloroxmartini\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Cloroxmartini :: 5X75X [administrator]

12/22/2013 5:15:14 PM
mbam-log-2013-12-22 (17-15-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410381
Time elapsed: 2 hour(s), 29 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
............................
ESET Clean

Edited by cloroxmartini, 23 December 2013 - 09:16 AM.

  • 0

#10
cloroxmartini

cloroxmartini

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts
I'd say it runs 40% better than it did before. IE hangs up to the point I have to close it and reopen it.
  • 0

Advertisements


#11
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I'd say it runs 40% better than it did before.

Well, we're making progress. Let's do a little hard drive maintenance. First we we will check the hard drive and see if it needs to be defragmented. Then we will run the System File checker. Then check the hard disk for errors.
This probably won't address IE hanging. This is just to see if there are any problems with the system files or the file system on the hard disk.
Please let me know if the browser problem happens in all browsers or just IE.


Step-1.

Hard-Drive Maintenance/Repair:

  • Click on Start Orb.
  • In the Start Search box type cmd.exe
  • At the top of the list under Programs right click on cmd.exe and click Run as Administrator. OK any UAC prompts and a Command window will open.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:

    CD C:\
  • Press the Enter key.
  • Back at the Command Prompt, type or Copy/Paste the following exactly:

    DEFRAG C: -F
  • Press the Enter key.
  • An analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • At the prompt type the following and press the Enter key:

    CD \windows\logs\cbs
  • Next type or Copy and Paste the following at the blinking cursor. Press the Enter key after each line:

    copy cbs.log cbs.old
    del cbs.log

  • Back at the blinking cursor type CD C:\ and press the Enter key.
  • Next, type sfc /scannow and press the Enter key. (Note the space between sfc and /scannow It needs to be there)
    The system file checker will start.
    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. Note: This may take awhile to finish. Do not close this Command Prompt window until the verification is 100% complete.
  • When the scan has finished you should get one of the following messages in the Command window:
    • Windows Resource Protection did not find any integrity violations.
    • Windows Resource Protection could not perform the requested operation.
    • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
    • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
  • Write down the results of the scan so you can post it in your next reply.
  • When the blinking cursor returns type Exit and press the Enter key. The Command window will close

Step-2.

Check Hard Disk For Errors:

Please copy everything in the quote box below into notepad. To do this highlight all text except the word Quote, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0


  • Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save
  • On the Save AS window that comes up, do the following:
    • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
    • At the bottom in the File Name: box type testhd.bat
    • In the Save as type: box, click the down arrow and click All Files(*.*)
    • Click Save
    This will put a new file on the Desktop named testhd.bat
    The file icon will look like this:
    Posted Image

    Close all open windows and any open Browsers.
  • Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
  • When the command window has closed there will be a new file on the desktop named checkhd.txt
  • Copy and paste the contents of the checkhd.txt file in your next reply.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know what message you got fron the SFC /SCANNOW scan
2. The checkhd.txt log
3. Let me know if all browsers hang or if it's just IE
  • 0

#12
cloroxmartini

cloroxmartini

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts
Scannow

Windows Resource Protection did not find any integrity violations.


The type of the file system is NTFS.
Volume label is Acer.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
910 large file records processed.

0 bad file records processed.

0 EA records processed.

61 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
29852 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

143598529 KB total disk space.
120267572 KB in 165050 files.
97400 KB in 29853 indexes.
0 KB in bad sectors.
370257 KB in use by the system.
65536 KB occupied by the log file.
22863300 KB available on disk.

4096 bytes in each allocation unit.
35899632 total allocation units on disk.
5715825 allocation units available on disk.


Takes 6 seconds for Chrome to get to Bing homepage from initial click

Takes 3 seconds for IE to get to Bing homepage from initial click

Quite an improvement
  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Sorry for the delay. I kinda got swamped with holiday functions. Hope yours was great.

Takes 6 seconds for Chrome to get to Bing homepage from initial click

Takes 3 seconds for IE to get to Bing homepage from initial click

Quite an improvement

That's good to hear. Let's check the IE settings and we will check for any programs that need updating.


Step-1.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Clear IE LAN Settings

  • Open the IE browser.
  • Click Tools on the Menu bar and then click Internet Options. The Internet Properties window will open.
  • From the Internet Properties window that appears, click the Connections tab

    Posted Image
  • Once you have clicked the Connections tab, click the LAN settings button.

    Posted Image

    The LAN Settings window will open.

    Posted Image
  • Copy any information (if any exists), uncheck all boxes (IF any are checked), click OK
    Usually, the only thing checked here if anything at all will be the Automatically detect settings checkbox. If it is, deselect it.
    If there is anything else listed here, copy it down first before doing anything else.

    Uncheck all the boxes and you will end up with this:

    Posted Image
  • Click OK.
  • Back at the Internet Properties window, click OK again to close the window.
  • IF you had to uncheck any boxes, close the browser and reboot Windows. Then re-open the browser and see if it made a difference.
  • IF you didn't have to uncheck any boxes just let me know.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know whether or not ant boxes needed to be unchecked in the IE settings.
2. The checkup.txt log
  • 0

#14
cloroxmartini

cloroxmartini

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 29
Java™ 6 Update 22
Java version out of Date!
Adobe Flash Player 11.6.602.171
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



LAN settings is grayed out, I can not get into it.

Posted Image

Edited by cloroxmartini, 26 December 2013 - 07:29 PM.

  • 0

#15
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,
Thanks for the info. For the greyed out LAN tab in IE, were you logged in as an administrator? If not then reboot the computer and log into an administrator account then try the LAN tab in IE.
If you were already using an administrator account then something might have reset a group policy setting on IE. If that is the case, let's see what we can see.

This OTL custom scan will produce a very small log so please pay attention to the settings.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel /s
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel /s
HKCU\Software\Policies\Microsoft\Internet Explorer /s


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the greyed out None button at the top of the console.<--Very Important
  • Don't check any other boxes except:
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.



Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL.txt log
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP