Trojan.downloader9.55030
It releases a program called resetdns.exe
I was told there may be a file on my system called Looksafeutility and that is where it may be. This file is in my program folder. I asked if I deleted that file would it be safe to do so. He told me it may be buried in something I need on my system and to delete the file may cause problems. I was advised to run Malwarebytes to get rid of it, then run my antivirus. I did both in safe mode and nothing was found
My provider instructed me how to change things back if this happened again, but I will have to keep doing it. So far my connection has stayed on, but I was told it will revert if this evil is still there. Don't know how long it's been there.
Please help! thank you
OTL logfile created on: 2/10/2014 2:40:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.43 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 17.51% Memory free
3.12 Gb Paging File | 1.65 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 19.26 Gb Free Space | 29.51% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.61% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/02/10 14:32:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2014/02/05 15:15:20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/02/05 03:39:29 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
PRC - [2014/01/27 18:00:00 | 000,564,072 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/26 15:41:52 | 000,153,776 | ---- | M] (WinZip Computing International, LLC) -- C:\Program Files\File Association Helper\FAHWindow.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/05 15:15:16 | 003,583,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/05 03:39:28 | 016,287,624 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_44.dll
MOD - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2012/08/22 05:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2007/01/25 20:11:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\wbengine.exe -- (wbengine)
SRV - [2014/02/05 03:39:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/25 17:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/02/02 11:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/11/12 16:08:28 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/11/07 14:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/04/11 14:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 14:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 14:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 14:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 14:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/25 20:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 23:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/01 23:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/06 14:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/04/05 18:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/01/20 06:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0zmjktat.default-1386741420574\extensions
[2014/01/20 06:46:13 | 000,120,471 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0zmjktat.default-1386741420574\extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi
[2014/01/16 06:46:13 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0zmjktat.default-1386741420574\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/05 15:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/05 15:15:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013/12/11 16:00:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe (WinZip Computing International, LLC)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444}: NameServer = 208.69.150.252,208.69.150.250
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/02/10 14:32:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/02/10 14:31:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Desktop
[2014/02/05 17:57:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jasc Software
[2014/02/05 17:50:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\WinZip
[2014/02/05 17:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\File Association Helper
[2014/02/05 17:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/02/05 17:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/02/05 17:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/02/05 15:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/04 22:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2014/02/04 14:09:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\EP
[2014/01/16 21:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/16 21:51:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/01/16 21:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/02/10 14:39:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/10 14:32:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/02/10 14:20:55 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/10 14:20:54 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/10 14:17:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/10 14:14:27 | 000,137,948 | ---- | M] () -- C:\Users\Owner\Documents\Experience Project.rtf
[2014/02/09 19:34:30 | 000,023,539 | ---- | M] () -- C:\Users\Owner\Documents\WISH LIST.rtf
[2014/02/09 01:33:04 | 000,001,708 | ---- | M] () -- C:\Users\Owner\Documents\experience p.rtf
[2014/02/08 21:21:31 | 000,064,228 | ---- | M] () -- C:\Users\Owner\Documents\quotes.rtf
[2014/02/07 20:16:21 | 000,002,597 | ---- | M] () -- C:\Users\Owner\Desktop\Paint Shop Pro 7.lnk
[2014/02/06 13:00:05 | 000,000,534 | ---- | M] () -- C:\Users\Owner\Documents\SS.rtf
[2014/02/06 12:56:15 | 000,051,229 | ---- | M] () -- C:\Users\Owner\Documents\lights.rtf
[2014/02/05 17:49:01 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/02/05 17:49:00 | 000,001,800 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2014/02/04 16:29:43 | 000,129,229 | ---- | M] () -- C:\Users\Owner\Documents\experience project Andrew.rtf
[2014/02/04 02:31:59 | 000,007,811 | ---- | M] () -- C:\Users\Owner\Documents\experience project2.rtf
[2014/02/01 13:25:22 | 000,094,872 | ---- | M] () -- C:\Users\Owner\Documents\experience project Andrew22.rtf
[2014/01/30 07:29:26 | 000,001,339 | ---- | M] () -- C:\Users\Owner\Documents\Marcus Cover Letter.rtf
[2014/01/28 21:39:03 | 000,000,650 | ---- | M] () -- C:\Users\Owner\Documents\names.rtf
[2014/01/28 06:06:01 | 000,001,061 | ---- | M] () -- C:\Users\Owner\Documents\experience project pages.rtf
[2014/01/22 09:34:11 | 000,004,549 | ---- | M] () -- C:\Users\Owner\Documents\maori and new zealand.rtf
[2014/01/22 07:30:49 | 001,913,229 | ---- | M] () -- C:\Users\Owner\Documents\Untitled (7).wma
[2014/01/22 07:28:07 | 000,251,929 | ---- | M] () -- C:\Users\Owner\Documents\Untitled (6).wma
[2014/01/22 07:27:41 | 000,224,989 | ---- | M] () -- C:\Users\Owner\Documents\Untitled (5).wma
[2014/01/22 07:26:48 | 000,166,619 | ---- | M] () -- C:\Users\Owner\Documents\Untitled (4).wma
[2014/01/22 07:26:29 | 000,512,349 | ---- | M] () -- C:\Users\Owner\Documents\Untitled (3).wma
[2014/01/22 07:25:27 | 000,615,619 | ---- | M] () -- C:\Users\Owner\Documents\Untitled (2).wma
[2014/01/22 07:14:03 | 000,588,679 | ---- | M] () -- C:\Users\Owner\Documents\Untitled.wma
[2014/01/21 10:46:09 | 000,002,575 | ---- | M] () -- C:\Users\Owner\Documents\computer symbols typing.rtf
[2014/01/16 21:51:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/02/08 22:51:51 | 000,001,708 | ---- | C] () -- C:\Users\Owner\Documents\experience p.rtf
[2014/02/06 12:58:40 | 000,000,534 | ---- | C] () -- C:\Users\Owner\Documents\SS.rtf
[2014/02/05 17:57:57 | 000,002,597 | ---- | C] () -- C:\Users\Owner\Desktop\Paint Shop Pro 7.lnk
[2014/02/05 17:49:01 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/02/05 17:48:47 | 000,001,800 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2014/02/04 02:28:06 | 000,007,811 | ---- | C] () -- C:\Users\Owner\Documents\experience project2.rtf
[2014/01/27 23:46:19 | 000,001,061 | ---- | C] () -- C:\Users\Owner\Documents\experience project pages.rtf
[2014/01/25 14:46:01 | 000,094,872 | ---- | C] () -- C:\Users\Owner\Documents\experience project Andrew22.rtf
[2014/01/23 03:49:07 | 000,129,229 | ---- | C] () -- C:\Users\Owner\Documents\experience project Andrew.rtf
[2014/01/22 07:30:48 | 001,913,229 | ---- | C] () -- C:\Users\Owner\Documents\Untitled (7).wma
[2014/01/22 07:28:07 | 000,251,929 | ---- | C] () -- C:\Users\Owner\Documents\Untitled (6).wma
[2014/01/22 07:27:41 | 000,224,989 | ---- | C] () -- C:\Users\Owner\Documents\Untitled (5).wma
[2014/01/22 07:26:48 | 000,166,619 | ---- | C] () -- C:\Users\Owner\Documents\Untitled (4).wma
[2014/01/22 07:26:29 | 000,512,349 | ---- | C] () -- C:\Users\Owner\Documents\Untitled (3).wma
[2014/01/22 07:25:27 | 000,615,619 | ---- | C] () -- C:\Users\Owner\Documents\Untitled (2).wma
[2014/01/22 07:14:03 | 000,588,679 | ---- | C] () -- C:\Users\Owner\Documents\Untitled.wma
[2014/01/21 17:34:35 | 000,004,549 | ---- | C] () -- C:\Users\Owner\Documents\maori and new zealand.rtf
[2014/01/16 21:51:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/14 21:02:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/11/12 16:17:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 16:17:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2013/11/07 09:26:10 | 000,000,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2013/11/07 09:20:49 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2013/10/02 16:16:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/26 11:14:34 | 000,006,169 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/06/22 19:58:01 | 000,000,114 | -H-- | C] () -- C:\Users\Owner\AppData\Local\tokdet56.dat
[2013/05/18 23:01:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/05/18 23:01:40 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/04/27 12:58:00 | 000,000,079 | ---- | C] () -- C:\Windows\WinInit.Ini
[2013/04/19 22:43:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2013/04/19 22:36:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2013/04/19 22:36:49 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2013/04/19 22:36:49 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2013/04/19 22:35:55 | 001,077,248 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2013/04/19 22:35:55 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2013/04/19 22:35:55 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2013/03/19 19:58:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
[2013/01/19 01:52:09 | 000,000,022 | ---- | C] () -- C:\Users\Owner\AppData\Local\xftredahs.dat
[2011/08/20 21:57:13 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2010/01/26 13:22:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/12/13 13:59:46 | 000,000,560 | ---- | C] () -- C:\ProgramData\lxdf
[2007/10/14 18:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 01:04:24 | 000,000,682 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2006/11/02 04:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2008/12/13 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\6500 Series
[2013/12/30 17:12:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2008/12/13 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lexmark Productivity Studio
[2013/06/28 05:35:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2007/10/11 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
----------------
OTL Extras logfile created on: 2/10/2014 2:40:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.43 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 17.51% Memory free
3.12 Gb Paging File | 1.65 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 19.26 Gb Free Space | 29.51% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.61% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system |
"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system |
"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system |
"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system |
"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA01E9-DCE9-49A8-B7ED-DA47DAF76B6B}" = protocol=6 | dir=in | app=c:\program files\lexmark\status center\lmsmc.exe |
"{07885F0E-9ED4-4E04-9E74-02CD1FEF4CF0}" = protocol=17 | dir=in | app=c:\program files\lexmark\status center\lmsmc.exe |
"{12D28B69-6529-4FE2-BC3B-9B24337B29BA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdftime.exe |
"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | [email protected],-28546 |
"{151131AC-168A-4232-9DD8-8CD0C3447298}" = protocol=17 | dir=in | app=c:\program files\lexmark\psu\lmpsu.exe |
"{1CF315ED-8986-49CE-9893-96579A5B6F4D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{1DA6627D-ECF2-4734-9165-4AA2DC62D8F4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfpswx.exe |
"{20DBD894-E623-4417-AE7D-0C3B22B063A8}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfjswx.exe |
"{2667B39B-8337-48E5-901A-6D7FF5D32AE5}" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmabscw.dll |
"{2841EB6B-A46E-469C-BD60-1D3F73608D6F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfpswx.exe |
"{39DD502B-A790-44B4-977B-347CDD81477F}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdfamon.exe |
"{45A74E42-1D05-4E24-AC80-12FEE9B9272D}" = protocol=17 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32__bc.dll |
"{49919916-2E75-4A1B-A12D-C0B02B5155AD}" = protocol=6 | dir=in | app=c:\program files\lexmark\psu\lmpsu.exe |
"{509DD2D9-6892-4EEE-9B6F-885B867AACAA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{520BDFEB-9C0F-44A1-BE41-B869A1FD9B88}" = protocol=6 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32__bc.dll |
"{577127DA-6C05-4C6B-8114-FABDAEB9237B}" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"{577D8142-2C28-4698-B875-DBB5AD4300C5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{67368528-39B4-4A91-B5C9-FD01940B0BC2}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdffax.exe |
"{690D656D-B83A-473C-8CCC-1304A7652C5C}" = protocol=6 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32serv.dll |
"{6A7803E5-4B62-494A-932A-5C4273DAF7AC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | [email protected],-28544 |
"{7AB1FAE7-8B87-437C-B0A9-5A8374EBF777}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | [email protected],-28545 |
"{8B11D1FF-7EF6-4BCE-AC05-438F335F9DFC}" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"{9DF9341D-90B0-4166-BC74-2694B094A5FF}" = protocol=17 | dir=in | app=c:\windows\twain_32\lexmark\networktwain\lexnetworkds.ds |
"{9F711964-2E83-4C6B-92EB-DDFA7262E8FC}" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmadilscn.exe |
"{A0FA1305-C834-4570-815A-7C929B8E3837}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\frun.exe |
"{A2608910-52B6-4DB3-AEBF-BC20C68B97CE}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{A2FA9C88-B3FF-4874-A1C6-94EE083F5348}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A4DBE28E-0F3F-4677-9B5F-5AB29AC1F59C}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdffax.exe |
"{A5C0E5DF-6FF0-48A4-9E74-0FB4F620F8D6}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\frun.exe |
"{AA21B955-BD73-4644-A54C-E8B39502B117}" = protocol=17 | dir=in | app=c:\program files\lexmark\wirelesssetup\lmwpss.exe |
"{AEC6E3BE-CF56-449B-8A1F-6C938C819838}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfjswx.exe |
"{B0C1420B-D56E-4F0C-85C9-0411423EFF38}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdftime.exe |
"{BE12B337-9137-4D1A-84C3-C2A57E8E31D4}" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmadilscn.exe |
"{BE295BAC-23B6-4EC8-BF6F-37356E97FE98}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C24CBE1E-8C44-42EC-BF24-886868853584}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"{C24CD31C-B8EA-439B-86F6-E5592D0AE2DB}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdfamon.exe |
"{CE397E70-5250-4EB9-838A-0516FC90DA93}" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{D104F9CD-BA95-4726-BA42-F629C9157E47}" = protocol=6 | dir=in | app=c:\program files\lexmark\wirelesssetup\lmwpss.exe |
"{D4A59D00-6092-4412-801E-DF8C63791EEA}" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmabscw.dll |
"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | [email protected],-28543 |
"{DC4925AB-EBB3-430F-8254-8A6EE825F1C9}" = protocol=6 | dir=in | app=c:\windows\twain_32\lexmark\networktwain\lexnetworkds.ds |
"{E1F4796D-E780-4397-A313-846DC61451D0}" = protocol=17 | dir=in | app=c:\program files\lexmark\networktwain\lextwprotocol.dll |
"{EDEFE32C-5FA7-4DAD-94B8-7B5B131A56FD}" = protocol=6 | dir=in | app=c:\program files\lexmark\networktwain\lextwprotocol.dll |
"{FC5DA010-742D-4C0A-B24C-D36AD08170E4}" = protocol=17 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32serv.dll |
"TCP Query User{0D7A71CA-8A9E-48F0-8F93-892537A49B70}C:\program files\lexmark 6500 series\lxdfmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"TCP Query User{16A40DBD-722D-4635-AE0E-58DDA4F435AA}C:\program files\lexmark pro710 series\lmadimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"TCP Query User{1EAFEEBE-38C8-471E-915F-E9EC610479AB}C:\windows\system32\lxdfcoms.exe" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"TCP Query User{F9DB4E3E-AA91-45A3-8795-5FD2767886DA}C:\kav\kav7\setup.exe" = protocol=6 | dir=in | app=c:\kav\kav7\setup.exe |
"UDP Query User{1280E033-09EA-4E84-BE96-18E186625F54}C:\program files\lexmark 6500 series\lxdfmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"UDP Query User{157C5482-8175-47F3-992A-C849ED8DA219}C:\program files\lexmark pro710 series\lmadimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"UDP Query User{19E4C820-9C74-405E-8AAB-0F06C7589BA6}C:\windows\system32\lxdfcoms.exe" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"UDP Query User{E8EC4CE2-8951-48FB-B05A-7802C676C73C}C:\kav\kav7\setup.exe" = protocol=17 | dir=in | app=c:\kav\kav7\setup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{936B9029-265A-45CB-88DA-B00EAB4DD14C}" = File Association Helper
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E0}" = WinZip 18.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"FLV Player" = FLV Player 2.0 (build 25)
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Lexmark Pro710 Series" = Lexmark Pro710 Series Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/10/2014 6:23:22 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map
cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)
Error - 2/10/2014 6:23:22 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map
cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)
Error - 2/10/2014 6:23:22 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map
cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)
Error - 2/10/2014 6:23:22 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map
cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)
Error - 2/10/2014 6:23:23 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\ONLINE REGISTRATION.LNK> in the hash
map cannot be updated. Context: Application, SystemIndex Catalog Details: A device
attached to the system is not functioning. (0x8007001f)
Error - 2/10/2014 6:23:23 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\ONLINE REGISTRATION.LNK> in the hash
map cannot be updated. Context: Application, SystemIndex Catalog Details: A device
attached to the system is not functioning. (0x8007001f)
Error - 2/10/2014 6:23:23 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)
Error - 2/10/2014 6:23:23 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)
Error - 2/10/2014 6:23:24 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map
cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)
Error - 2/10/2014 6:23:24 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START
MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map
cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)
[ System Events ]
Error - 9/3/2008 10:51:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 10:51:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 10:53:08 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 9/3/2008 11:05:30 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7043
Description =
Error - 9/3/2008 11:06:13 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 11:06:13 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 11:07:30 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 9/3/2008 11:11:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7043
Description =
Error - 9/3/2008 11:12:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 11:12:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.
< End of report >