Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware taken out wireless internet [Solved]

Started by Jan1959 , Dec 22 2013 07:53 AM

  • This topic is locked This topic is locked

#1
Jan1959
Posted 22 December 2013 - 07:53 AM

Jan1959

    Member

  • Member
  • PipPipPip
  • 255 posts
Hi Guys,

I hope that you can help me with this problem - for several months my son's laptop has been losing its wireless internet connection.

At first he just turned his laptop off and on again which seemed to cure the problem but as time went on it became worse and worse with the connection going after only 10 minutes.

I have tried to resolve this problem for him by using AdwCleaner and CC cleaner which worked temporarily for about 3 weeks before the problem recurred.

He has MBAM and Avast installed on the laptop as protection which he updates and runs weekly (including a boot scan) but nothing has been found and the wireless driver is not showing in the device manager.

He has not used his laptop for the last week and when I turned it on the was a message stating that there was a fatal error and it could not come out of hibernation. It quoted hiberfil.sys as the error. I pressed enter to continue and it loaded the windows home page, I also had a wireless connection for about 5 minutes until it disappeared again. I am currently connected to the interent via an ethernet cable and I have attached the OTL report.

I'm convinced that this is not a software/hardware fault so any help or advice would be greatly appreciated.OTL logfile created on: 12/22/2013 1:26:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 56.93% Memory free
7.60 Gb Paging File | 5.92 Gb Available in Paging File | 77.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.76 Gb Total Space | 401.96 Gb Free Space | 86.67% Space Free | Partition Type: NTFS

Computer Name: ADAMS-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/22 13:08:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
PRC - [2013/12/04 02:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/13 21:19:57 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/13 21:19:57 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/16 22:08:06 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
PRC - [2012/02/16 22:08:06 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2009/11/01 16:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/01 16:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/04 02:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 02:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/04 02:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 02:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 02:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 02:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/25 11:20:07 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/13 21:19:57 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2009/12/24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV:64bit: - [2009/07/30 09:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2013/12/12 10:23:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/01 16:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/01 16:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/13 21:20:00 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/11/13 21:20:00 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/13 21:20:00 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/11/13 21:20:00 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/11/09 11:16:59 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/10/25 11:20:08 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/25 11:20:08 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/25 11:20:08 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/09/10 17:10:30 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/10 17:10:30 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 22:08:26 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/08 08:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/04 20:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/18 10:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 04:15:00 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/06 11:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/01 16:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/10/26 11:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 19:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 07:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 16:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 16:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{33A4883A-0A14-438C-8226-48A3817BF77A}: "URL" = http://www.google.co...ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33A4883A-0A14-438C-8226-48A3817BF77A}: "URL" = http://www.google.co...ie7&rlz=1I7FTSG

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{33A4883A-0A14-438C-8226-48A3817BF77A}: "URL" = http://www.google.co...1I7FTSG_enGB457
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/07/07 12:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://plus.google.com/u/0/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google Wallet = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/07/10 11:54:10 | 000,001,201 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\9730a4f2-86ad-46d1-bff5-4b01ab5f3313.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8610615-ADFC-4BAB-9EB4-C81A996790F7}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA644F86-B6B4-42B3-B57F-B44C089DD81C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d7bf3f95-1f85-11e1-ac1b-e0ca9450978e}\Shell - "" = AutoRun
O33 - MountPoints2\{d7bf3f95-1f85-11e1-ac1b-e0ca9450978e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/22 13:08:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2013/11/30 14:18:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2013/11/30 14:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013/11/29 13:53:27 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Skype
[2013/11/29 13:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/11/29 13:53:19 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/11/29 13:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/29 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/22 13:08:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2013/12/22 13:08:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/22 13:04:57 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/22 13:04:57 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/22 12:55:34 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/22 12:55:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/22 12:55:03 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/15 13:29:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/14 20:26:20 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/14 13:46:08 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/14 13:46:08 | 000,667,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/14 13:46:08 | 000,126,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/13 10:01:10 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/13 10:01:10 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/13 09:01:22 | 000,767,670 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/12 18:53:11 | 004,826,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/14 20:26:20 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/13 10:01:10 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/13 10:01:10 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/05 17:14:41 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2013/03/09 18:37:24 | 000,000,017 | ---- | C] () -- C:\Users\Adam\AppData\Local\resmon.resmoncfg
[2012/11/24 21:41:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/08/15 06:34:09 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012/05/17 13:40:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/04/03 19:16:26 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2012/04/03 19:16:26 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2012/03/02 21:25:56 | 000,007,168 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 21:23:10 | 000,000,288 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\.backup.dm

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 13:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 13:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 13:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/30 12:48:09 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\6500 Series
[2013/05/16 16:07:14 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Atari
[2013/10/25 11:22:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\AVAST Software
[2013/07/16 16:02:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Canon
[2013/09/05 17:12:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\CDXReader
[2012/03/21 19:14:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/20 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Fujitsu
[2013/09/05 17:12:32 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\LavFilters
[2012/10/30 17:06:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2011/11/30 09:10:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Lexmark Productivity Studio
[2012/12/03 17:56:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Opera
[2013/06/28 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Oracle
[2013/12/11 20:48:54 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SoftGrid Client
[2012/02/05 11:12:20 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/11 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TP
[2011/12/04 17:17:50 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

Edited by Jan1959, 28 December 2013 - 05:16 AM.

  • 0

Advertisements

#2
godawgs
Posted 28 December 2013 - 12:28 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Jan, :wave: Welcome back to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

If you are able to connect to the internet with an Ethernet cable, why do you think this wireless connection problem isn't a hardware/software problem?


Step-1.

Run CKScanner

Please click here to download CKScanner.

Important : Save it to your desktop.
  • Please DO NOT run the program more than once.
  • Right click the CKScanner.exe file and click Run as Administrator. OK any UAC prompts.
  • Click Search For Files
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question
2. The CKFiles.txt log
3. The Extras.txt log
  • 0

#3
Jan1959
Posted 28 December 2013 - 01:31 PM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Good evening godawgs,

Thank you for agreeing to try to solve my problem, I honestly understand that you are all very busy at this time of year and I apologize if I have given you the impression that I was being impatient - that was not my intention at all.

The reason that I feel this problem is down to malware is that when my son first brought to my attention that he kept having to restart his laptop due to the wireless internet cutting out I ran both AdwCleaner and CC Cleaner to identify any problems. I then ran MBAM which picked up and quarantined several PUPs. This seemed to cure the problem but gradually, over time, it has returned and now the wireless connection has gone completely. I repeated the same steps that I had done before but this time nothing was picked up. I can post a copy of the MBAM quarantine log if you require it.

Please find CKScanner and OTL Extra log below.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
scanner sequence 3.IE.11.OENAPZ
----- EOF -----

OTL Extras logfile created on: 12/22/2013 1:10:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 59.84% Memory free
7.60 Gb Paging File | 5.94 Gb Available in Paging File | 78.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.76 Gb Total Space | 401.95 Gb Free Space | 86.67% Space Free | Partition Type: NTFS

Computer Name: ADAMS-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDC3A35-D09E-4EE6-8311-70EF66D27EC2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3CE9AF5C-3184-49E1-A3EB-A4379CFCA824}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{689B35C9-5A51-47DB-A4C7-6FD256454A44}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0506B741-7BEE-4F04-8B03-2AF6E138EB0C}" = protocol=17 | dir=in | app=c:\users\adam\appdata\local\temp\lxdf\wireless\english\lxdfwpss.exe |
"{0567BA03-A4CE-4705-AD91-74B5363F0427}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdffax.exe |
"{0C03E809-B072-4010-9F4A-2EC00B4F5769}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{15586935-BBEA-420B-A774-4255D9D69B8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{200D597B-93E1-4CDD-8472-07A328CE835A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\dungeon siege 2\dungeonsiege2.exe |
"{237B285A-2A6B-469A-B1B9-3BC2DED6F58A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdffax.exe |
"{273E5FC4-4C6A-4891-B760-F17C9B790FE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2BDC6AF0-B025-4DAC-826B-B47080A35533}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfmon.exe |
"{2D7CC63D-ED9D-4AEA-8513-0B8B7E6B1BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfamon.exe |
"{2E84D65E-0BAE-49B1-BEE4-C5C35B7EA704}" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcfg.exe |
"{3080460E-5592-4F99-8491-AF49960B890C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdftime.exe |
"{4D104599-F555-479F-86D6-C7E7E2934037}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{53AE12AD-C2BF-4B16-824E-DE13AEE44F08}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe |
"{5A8FF551-33F2-4739-909F-E2E545BEDF1C}" = protocol=6 | dir=in | app=c:\users\adam\appdata\local\temp\lxdf\wireless\english\lxdfwpss.exe |
"{6B92100B-4C47-4C6D-B8FA-D52A169DFC77}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdftime.exe |
"{7B6F3FEC-6067-4D5A-B572-79762B4B1EE5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe |
"{7BB32972-E09C-4C45-89B8-EF4B4BBA22C7}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{7EC0B9DD-724B-40F2-9F12-762A854653BF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80702EA5-96CF-4CBF-9D2F-08EADDFBF563}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfmon.exe |
"{88BCCBB6-9A66-4C60-8C48-9B20BF224A59}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdfcoms.exe |
"{8DDA3704-6658-46C8-8D69-B4DE8558A74C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{909FE887-4523-4A3C-BC0E-3EBF557133E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9583C8CD-A09D-4617-8EFA-5ADD9256DBDD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfjswx.exe |
"{9F0E0BB8-AF90-401C-BAA9-051E5E2BA35A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe |
"{A642422E-DE1A-4AD0-B15D-FB49C03DE447}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcfg.exe |
"{AF6AB3B3-B319-412B-B690-D00554A2739A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfamon.exe |
"{B50EEC46-AEF6-4A3C-A064-A94778C1B27D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B8D06F3A-64D3-4108-BA64-44AC5BDFD318}" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{BC144480-D420-4C64-97AE-8AD73C7C5078}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe |
"{C692BF13-68D4-4673-B568-DFDB2655C8F9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\dungeon siege 2\dungeonsiege2.exe |
"{C7FDFE70-1ABB-4C22-9C7C-1D8153814678}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CE555089-FF3F-4D81-BCBA-EEE62433DB54}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D3E5B123-1C62-4E25-9C8E-15204F8D3441}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdfcoms.exe |
"{D8A2683D-4CCC-46D6-8E50-DA4F0B21632B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E893339A-0F5E-47C7-881E-6DCED7A054E9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfjswx.exe |
"TCP Query User{825700C8-3200-4ADF-87CD-70F3B04C5B1D}C:\program files (x86)\lexmark 6500 series\lxdfmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfmon.exe |
"TCP Query User{D6F77F3B-54A8-4433-9465-4C55C05ECD2C}C:\program files (x86)\roleplayingmaster\dnd3e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\roleplayingmaster\dnd3e.exe |
"TCP Query User{EB764A79-B206-40AB-8D6D-C7240BC95C19}C:\program files (x86)\firefly studios\civcity rome\civcity rome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\civcity rome\civcity rome.exe |
"TCP Query User{F4E5C0E7-9C80-4539-8E26-61B35D136187}C:\program files (x86)\lexmark 6500 series\frun.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe |
"UDP Query User{376ED85F-22FE-4471-84F0-FFB2301C2E28}C:\program files (x86)\lexmark 6500 series\frun.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe |
"UDP Query User{7F699A47-5B36-4855-8D62-2F02326531D7}C:\program files (x86)\lexmark 6500 series\lxdfmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfmon.exe |
"UDP Query User{80614AC2-A39C-4440-A9A1-7AC6369FD93B}C:\program files (x86)\roleplayingmaster\dnd3e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\roleplayingmaster\dnd3e.exe |
"UDP Query User{CCD4AF67-398C-42DF-A0EB-72CE9FEC7F7F}C:\program files (x86)\firefly studios\civcity rome\civcity rome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\civcity rome\civcity rome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{994E24A6-EC47-4201-8D0B-D4563B7AD66B}" = CivCity
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MG5100 series User Registration" = Canon MG5100 series User Registration
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DeskUpdate_is1" = DeskUpdate
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DungeonSiege2" = Dungeon Siege 2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Shockwave" = Shockwave
"Test Your Aptitude" = Test Your Aptitude
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2013 1:54:00 PM | Computer Name = Adams-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 12/14/2013 1:54:00 PM | Computer Name = Adams-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 12/14/2013 1:54:01 PM | Computer Name = Adams-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 12/14/2013 1:54:01 PM | Computer Name = Adams-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 12/14/2013 1:54:01 PM | Computer Name = Adams-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 12/14/2013 1:54:01 PM | Computer Name = Adams-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 12/14/2013 1:54:01 PM | Computer Name = Adams-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 12/14/2013 1:55:11 PM | Computer Name = Adams-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 12/22/2013 8:56:49 AM | Computer Name = Adams-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 12/22/2013 9:05:55 AM | Computer Name = Adams-PC | Source = Windows Backup | ID = 4103
Description =

[ Media Center Events ]
Error - 12/11/2013 5:39:35 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 09:39:35 - Error connecting to the internet. 09:39:35 - Unable
to contact server..

Error - 12/11/2013 5:39:44 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 09:39:40 - Error connecting to the internet. 09:39:40 - Unable
to contact server..

Error - 12/11/2013 6:40:44 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 10:40:44 - Error connecting to the internet. 10:40:44 - Unable
to contact server..

Error - 12/11/2013 6:40:54 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 10:40:49 - Error connecting to the internet. 10:40:49 - Unable
to contact server..

Error - 12/11/2013 7:43:43 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 11:43:43 - Error connecting to the internet. 11:43:43 - Unable
to contact server..

Error - 12/11/2013 7:43:55 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 11:43:48 - Error connecting to the internet. 11:43:48 - Unable
to contact server..

Error - 12/11/2013 8:44:25 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 12:44:25 - Error connecting to the internet. 12:44:25 - Unable
to contact server..

Error - 12/11/2013 8:44:38 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 12:44:30 - Error connecting to the internet. 12:44:30 - Unable
to contact server..

Error - 12/12/2013 4:24:46 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 08:24:21 - Error connecting to the internet. 08:24:29 - Unable
to contact server..

Error - 12/12/2013 4:25:06 AM | Computer Name = Adams-PC | Source = MCUpdate | ID = 0
Description = 08:24:53 - Error connecting to the internet. 08:24:53 - Unable
to contact server..

[ System Events ]
Error - 12/14/2013 1:53:39 PM | Computer Name = Adams-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:52:06 on ?14/?12/?2013 was unexpected.

Error - 12/14/2013 1:53:46 PM | Computer Name = Adams-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%577

Error - 12/14/2013 1:53:46 PM | Computer Name = Adams-PC | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577

Error - 12/14/2013 1:53:59 PM | Computer Name = Adams-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error - 12/14/2013 1:54:01 PM | Computer Name = Adams-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 12/14/2013 1:54:01 PM | Computer Name = Adams-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 12/22/2013 8:55:17 AM | Computer Name = Adams-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:29:42 on ?15/?12/?2013 was unexpected.

Error - 12/22/2013 8:55:34 AM | Computer Name = Adams-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%577

Error - 12/22/2013 8:55:34 AM | Computer Name = Adams-PC | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577

Error - 12/22/2013 8:56:09 AM | Computer Name = Adams-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RapportKE64


< End of report >
  • 0

#4
godawgs
Posted 28 December 2013 - 11:13 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

You are welcome. And you have been more than patient. We apologize for not getting to you sooner.

Unfortunately the CKScanner log shows an illegal or pirated Adobe product. The following Adobe products are on the computer:

Adobe AIR
Adobe Flash Player 11
Adobe Shockwave Player 12.0
Adobe Media Player
Adobe Reader X (10.1.8)

The first three are free so that leaves Adobe Media Player or Adobe Reader X (10.1.8) or both. The GeeksToGo Terms of Use does not permit assistance to anyone having illegal or pirated software. See 4. p of the Terms of Use.

Please uninstall the illegal program or programs if you want us to continue to assist you. Please let me know when it /they have been uninstalled and we will go from there.
  • 0

#5
Jan1959
Posted 29 December 2013 - 02:29 AM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Hi,

I have uninstalled Adobe Media Player and Adobe Reader X as requested but I am at a loss to know why you think that they are illegal as they are readily available for free download on websites such as Cnet and Filehippo. On a personal level, I am very much against any pirate software and I can assure you that I would not condone using these products under any circumstances.

Having said that, I do wonder if they were corrupted in some way as after I uninstalled the software, the wireless network adapter has reappeared in the device manager but it is still not connecting to the internet.

I have not rebooted the laptop or done anything else yet and I'll wait for further instructions if you are still willing to help me?

Sorry for the rant

Jan1959
  • 0

#6
godawgs
Posted 29 December 2013 - 11:33 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

I made an error...imagine that. You also have Adobe Photoshop CS5 on the system. That is likely the pirated software as Adobe Reader is indeed free.
You can reinstall it when we are done. But I wouldn't use any site other than Adobe.com That way you know you are getting it directly from the source. Just don't allow the instalation to install any 3rd party toolbars or software.
I'm not sure about Adobe Media Player. But Adobe hasn't offered any support or upgrades since Dec 15, 2010. So I would leave it uninstalled.
If you still haven't rebooted the computer, please uninstall Adobe Photoshop CS5 and then reboot the system.

I have not rebooted the laptop or done anything else yet and I'll wait for further instructions if you are still willing to help me?

Sorry for the rant

Not a problem and yes I am willing to continue.

You said earlier that ya'll had been using CrapCleaner to resolve the problem. Do you know what it removed or can you find and post the log(s)?

Registry Cleaning Tools

CCleaner is a good program but please do not use the registry cleaner module in this tool. And for that matter do not use registry cleaners at all:
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O33 - MountPoints2\{d7bf3f95-1f85-11e1-ac1b-e0ca9450978e}\Shell - "" = AutoRun
O33 - MountPoints2\{d7bf3f95-1f85-11e1-ac1b-e0ca9450978e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[resethosts]
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again.
  • Click the Scan All Users and 64bit Scan boxes and click the Posted Image button.
Post the log it produces in your next reply.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question about CCleaner
2. The OTL fixes log
3. The new OTL.txt log
4. The aswMBR log
5. The AdwCleaner[R0].txt log
6. Are you able to connect to the internet now?
  • 0

#7
Jan1959
Posted 29 December 2013 - 12:22 PM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Hi godawgs,

I am sincerely sorry about the Adobe Photoshop - I was unaware that the software had been 'borrowed' and installed on my son's laptop. It will not happen again.

No, sorry, I do not have the CCleaner report anymore.

I reached stage 5 of your instructions using the OTL fix when the laptop screen went black and the onto the Windows logging-on screen. I have waited a further 10 minutes before clicking log-on but there is no report and the OTL program had closed.

Would you like me to try again? I copied and pasted as requested.
  • 0

#8
godawgs
Posted 29 December 2013 - 01:05 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I am sincerely sorry about the Adobe Photoshop - I was unaware that the software had been 'borrowed' and installed on my son's laptop. It will not happen again.

No, sorry, I do not have the CCleaner report anymore.

Acknowledged.

Reboot the computer and see if the OTL fixes log shows up on the desktop. If it doesn't, check the C:\_OTL\MovedFiles\ folder for a file named mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
If it isn't there, run the fix again and go from there.
  • 0

#9
Jan1959
Posted 29 December 2013 - 02:14 PM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
The OTL fix ran okay on the second attempt.

The wireless internet is still not working and does not show in the device manager.

This is my second attempt to answer you as the laptop froze half way through and I had to reboot.

Logs in the requested order below.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7bf3f95-1f85-11e1-ac1b-e0ca9450978e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7bf3f95-1f85-11e1-ac1b-e0ca9450978e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7bf3f95-1f85-11e1-ac1b-e0ca9450978e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7bf3f95-1f85-11e1-ac1b-e0ca9450978e}\ not found.
File D:\LaunchU3.exe -a not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Adam\Desktop\cmd.bat deleted successfully.
C:\Users\Adam\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Adam\Desktop\cmd.bat deleted successfully.
C:\Users\Adam\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Adam\Desktop\cmd.bat deleted successfully.
C:\Users\Adam\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 1239774 bytes
->Temporary Internet Files folder emptied: 628441 bytes
->Java cache emptied: 339238 bytes
->Google Chrome cache emptied: 11555516 bytes
->Apple Safari cache emptied: 177002496 bytes
->Flash cache emptied: 58010 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Journal

User: Public

User: RegBack

User: systemprofile

User: TxR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 538316 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95403 bytes
RecycleBin emptied: 347945 bytes

Total Files Cleaned = 183.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12292013_191522

Files\Folders moved on Reboot...
C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 12/29/2013 7:20:37 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 73.50% Memory free
7.60 Gb Paging File | 6.51 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.76 Gb Total Space | 404.21 Gb Free Space | 87.16% Space Free | Partition Type: NTFS

Computer Name: ADAMS-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/22 13:08:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
PRC - [2013/11/13 21:19:57 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/13 21:19:57 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/02/16 22:08:06 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
PRC - [2012/02/16 22:08:06 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2009/11/01 16:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/01 16:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/25 11:20:07 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/13 21:19:57 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2009/12/24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV:64bit: - [2009/07/30 09:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2013/12/12 10:23:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/11/01 16:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/01 16:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/13 21:20:00 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/11/13 21:20:00 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/13 21:20:00 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/11/13 21:20:00 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/11/09 11:16:59 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/10/25 11:20:08 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/25 11:20:08 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/25 11:20:08 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/09/10 17:10:30 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/10 17:10:30 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 22:08:26 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/08 08:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/04 20:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/18 10:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 04:15:00 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/06 11:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/01 16:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/10/26 11:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 19:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 07:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 16:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 16:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{33A4883A-0A14-438C-8226-48A3817BF77A}: "URL" = http://www.google.co...ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33A4883A-0A14-438C-8226-48A3817BF77A}: "URL" = http://www.google.co...ie7&rlz=1I7FTSG


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2576400077-746485625-3359982170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKU\S-1-5-21-2576400077-746485625-3359982170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2576400077-746485625-3359982170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2576400077-746485625-3359982170-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2576400077-746485625-3359982170-1000\..\SearchScopes\{33A4883A-0A14-438C-8226-48A3817BF77A}: "URL" = http://www.google.co...1I7FTSG_enGB457
IE - HKU\S-1-5-21-2576400077-746485625-3359982170-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2576400077-746485625-3359982170-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


[2013/07/07 12:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://plus.google.com/u/0/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google Wallet = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/29 19:16:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2576400077-746485625-3359982170-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8610615-ADFC-4BAB-9EB4-C81A996790F7}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA644F86-B6B4-42B3-B57F-B44C089DD81C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/29 18:00:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/22 13:08:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2013/11/30 14:18:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2013/11/30 14:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink

========== Files - Modified Within 30 Days ==========

[2013/12/29 19:17:43 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/29 19:17:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/29 19:17:21 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/29 19:16:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 19:16:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 19:16:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/12/29 18:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 18:08:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/25 11:02:47 | 625,658,144 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/22 13:08:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2013/12/14 20:26:20 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/14 13:46:08 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/14 13:46:08 | 000,667,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/14 13:46:08 | 000,126,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/13 10:01:10 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/13 10:01:10 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/13 09:01:22 | 000,767,670 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/12 18:53:11 | 004,826,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/12/25 11:02:47 | 625,658,144 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/12/14 20:26:20 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/13 10:01:10 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/13 10:01:10 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/05 17:14:41 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2013/03/09 18:37:24 | 000,000,017 | ---- | C] () -- C:\Users\Adam\AppData\Local\resmon.resmoncfg
[2012/11/24 21:41:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/08/15 06:34:09 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012/05/17 13:40:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/04/03 19:16:26 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2012/04/03 19:16:26 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2012/03/02 21:25:56 | 000,007,168 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 21:23:10 | 000,000,288 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\.backup.dm

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 13:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 13:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 13:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/30 12:48:09 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\6500 Series
[2013/05/16 16:07:14 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Atari
[2013/10/25 11:22:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\AVAST Software
[2013/07/16 16:02:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Canon
[2013/09/05 17:12:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\CDXReader
[2012/03/21 19:14:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/20 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Fujitsu
[2013/09/05 17:12:32 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\LavFilters
[2012/10/30 17:06:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2011/11/30 09:10:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Lexmark Productivity Studio
[2012/12/03 17:56:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Opera
[2013/06/28 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Oracle
[2013/12/11 20:48:54 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SoftGrid Client
[2012/02/05 11:12:20 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/11 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TP
[2011/12/04 17:17:50 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-29 19:35:39
-----------------------------
19:35:39.512 OS Version: Windows x64 6.1.7601 Service Pack 1
19:35:39.512 Number of processors: 4 586 0x2505
19:35:39.513 ComputerName: ADAMS-PC UserName: Adam
19:35:40.977 Initialize success
19:35:43.812 AVAST engine defs: 13122900
19:36:02.668 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:36:02.673 Disk 0 Vendor: WDC_WD50 03.0 Size: 476940MB BusType: 3
19:36:02.851 Disk 0 MBR read successfully
19:36:02.856 Disk 0 MBR scan
19:36:02.862 Disk 0 Windows 7 default MBR code
19:36:02.868 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 2049 MB offset 2048
19:36:02.884 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 474889 MB offset 4198400
19:36:02.944 Disk 0 scanning C:\Windows\system32\drivers
19:36:15.159 Service scanning
19:36:40.800 Modules scanning
19:36:40.816 Disk 0 trace - called modules:
19:36:40.898 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:36:40.908 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd9060]
19:36:40.919 3 CLASSPNP.SYS[fffff8800116143f] -> nt!IofCallDriver -> [0xfffffa80049cee40]
19:36:40.928 5 ACPI.sys[fffff88000fb47a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d1050]
19:36:42.231 AVAST engine scan C:\Windows
19:36:46.454 AVAST engine scan C:\Windows\system32
19:39:00.318 AVAST engine scan C:\Windows\system32\drivers
19:39:13.333 AVAST engine scan C:\Users\Adam
19:43:00.371 AVAST engine scan C:\ProgramData
19:44:13.448 Scan finished successfully
19:48:49.506 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
19:48:49.511 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"


# AdwCleaner v3.016 - Report created 29/12/2013 at 19:51:35
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Adam - ADAMS-PC
# Running from : C:\Users\Adam\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2046 octets] - [25/10/2013 09:34:11]
AdwCleaner[R1].txt - [880 octets] - [27/10/2013 10:27:59]
AdwCleaner[R2].txt - [1238 octets] - [14/12/2013 20:18:43]
AdwCleaner[R3].txt - [1118 octets] - [14/12/2013 20:57:40]
AdwCleaner[R4].txt - [858 octets] - [29/12/2013 19:51:35]
AdwCleaner[S0].txt - [1903 octets] - [25/10/2013 09:38:01]
AdwCleaner[S1].txt - [940 octets] - [27/10/2013 10:29:31]
AdwCleaner[S2].txt - [1306 octets] - [14/12/2013 20:22:32]
AdwCleaner[S3].txt - [1180 octets] - [14/12/2013 21:00:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1156 octets] ##########
  • 0

#10
godawgs
Posted 29 December 2013 - 11:39 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The aswMBR and AdwCleaner scans are clean.
So the wireless adapter is missing from Device Manager again. Can you pinpoint when this started?

The OTL fix showed some strange User accounts:

User: Journal

User: Public

User: RegBack

User: systemprofile

User: TxR

Do you know what the user accounts in red are?

I want you to check the wireles connections page and see if the wireless adapter is listed there.
Click the Start Orb. In the Start and Search box type network.
Look at the top of the list under Programs for Network and Sharing Center
Click it to open it.
In the left column under Tasks, click Manage network connections and OK any UAC prompts. The Network Connections page will open.
Do you have a connection called Wireless Network Connection in the list?
Do you have more than one?
If you only have one, click it once to highlight it, then right click and click Status. The Status page will open.
Look for Media State. Does it say Enabled or Disabled?


Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above
2. The OTL fixes log
  • 0

Advertisements

#11
Jan1959
Posted 30 December 2013 - 02:40 AM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
The user accounts highlighted in red are not known to me or my son.

There is no wireless network connection under Manage network connections - only a local area connection and bluetooth which is not connected.

I ran the OTL fix as instructed but after about 20 seconds a Windows message box popped up stating that 'Windows had encountered a critical problem and will restart automatically in one minute'. The laptop rebooted and I have posted the OTL log below but I think that the fix failed.

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer scheduled to be deleted on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 3013 bytes
->Temporary Internet Files folder emptied: 133 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7651133 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Journal

User: Public

User: RegBack

User: systemprofile

User: TxR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2920 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1813 bytes

Total Files Cleaned = 7.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12302013_082325

Files\Folders moved on Reboot...
C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer scheduled to be deleted on reboot.
  • 0

#12
godawgs
Posted 30 December 2013 - 12:53 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's check the system files and the file system.


Step-1.

Delete Old SFC Log and run SFC

  • Open an elevated command prompt. To do that:
    • Click Start, click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)

    Posted Image
  • A command window will open like the image below:

    Posted Image

  • Type the following and press ENTER after each line:
    cd  \windows\Logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

    Back at the blinking cursor:
  • Type or copy and paste the following command and press Enter:

    sfc /scannow

    Posted Image

    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. Note: This may take awhile to finish. Do not close this Command Prompt window until the verification is 100% complete.
  • When the scan has finished you should get one of the following messages in the Command window:
    • Windows Resource Protection did not find any integrity violations.
    • Windows Resource Protection could not perform the requested operation.
    • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
    • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
  • Write down the results of the scan so you can post them in your next reply.
  • Back at the Command Prompt C:\Windows\System32> type in the following exactly:
    CD C:\
  • Press the Enter key.
  • Back at the Command Prompt, type or Copy/Paste the following exactly:
    DEFRAG C: -F
  • Press the Enter key.
  • A Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and and hit the Enter key. This will close the Command window.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and you computer will continue to boot-up as normal.


Step-2.

ListChkdskResult

Please download ListChkdskResult by SleepyDude and save it to the desktop.
  • Execute the file by double clicking the ListChkdskResult icon, accept all the prompts to allow the program to run.
  • After running the script a log called ListChkdskResult.txt will open inside Notepad and the file is saved on the Desktop.
  • Copy & paste the log to your reply

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Please let me know which message you got from SFC
2. The ListChkdskResult.txt log
  • 0

#13
Jan1959
Posted 30 December 2013 - 01:39 PM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Hi,

Just to let you know that I am still waiting on the defrag results - it has produced a pre-defrag report but I am still waiting for the actual defrag to commence.

I copied your instructions and the result was 'Windows Resource Protection did not find any integrity violations' but I did notice from your screen shot that the command line should have read C:\Windows\system32>sfc/scannow but my command line was C:\Windows\Logs\CBS>sfc/scannow. Does this make a difference?

I have been waiting for 10-15 minutes now for the defrag to start.

PS - I have forgotten my manners and just wanted to thank you for coming back to me so promptly every evening, I know that my problems are never simple! :-)
  • 0

#14
godawgs
Posted 30 December 2013 - 01:49 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You are welcome.

I copied your instructions and the result was 'Windows Resource Protection did not find any integrity violations' but I did notice from your screen shot that the command line should have read C:\Windows\system32>sfc/scannow but my command line was C:\Windows\Logs\CBS>sfc/scannow. Does this make a difference?

That's the directory it should have been in.
It the defrag doesn't run, (but since it has produced the analysis report it should run), then change the directory at the command prompt to C:\ using the following command:
CD C:\
  • 0

#15
Jan1959
Posted 30 December 2013 - 01:50 PM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
There is also a note stating that fragments larger than 64MB are not included in the fragmentation statistics.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP