Hijacked, and slowed Down


#1
67mopar

Hi all, something is running in my background, and it's hogging up all my processor speed. Biscuithd helped me out a few weeks ago and did a fantastic job; things were fine, but my reckless searches for streaming and drum parts got me in trouble again. I suspect it's some search program, as I see one in my processes, but it won't go away. If someone could please check the log to see if something stands out, I'd love to get it back to normal. Thanks, Dean

OTL Extras logfile created on: 03/07/2014 8:25:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 37.49% Memory free
6.21 Gb Paging File | 3.84 Gb Available in Paging File | 61.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.78 Gb Total Space | 13.39 Gb Free Space | 12.09% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023D56C9-F4E3-419F-89BC-CA06ABB38B2E}" = lport=445 | protocol=6 | dir=in | app=system |
"{03BDE59D-7D50-4AFC-86DF-7CBFAA11706D}" = lport=137 | protocol=17 | dir=in | app=system |
"{1314D835-A6BE-44B9-94CF-6502645F7614}" = rport=445 | protocol=6 | dir=out | app=system |
"{349ADF90-A20F-481E-9234-E9C2DB667A8E}" = lport=138 | protocol=17 | dir=in | app=system |
"{36F24785-4336-4184-8512-6DCE1C021D8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3886C711-CA38-42A9-9356-E0F96BBFF46C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{4C7E5A07-79C9-4FAE-B1C1-5E4E695F523E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{56C9CBD2-149E-4AAC-BEB7-200D36354248}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5939D1AF-F375-4C31-95FF-F48934E2F3D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{61E7365A-CFDE-4A7D-8906-F1BFBD4C8F9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7016D08B-7F47-4EF7-AF60-9E50E931DF1A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{896B4593-8AF7-4995-BA79-6F076C0C7854}" = rport=138 | protocol=17 | dir=out | app=system |
"{D06F8D68-6B68-4553-8852-02B1272C5F1D}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD16DCB1-436B-409C-8B19-0F6CE69A7ED6}" = rport=137 | protocol=17 | dir=out | app=system |
"{E282B21E-5825-40E3-9C03-902FED72F9F2}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{207D8DDD-4ACF-4F77-B707-35A7D9103E45}" = protocol=1 | dir=out | [email protected],-28544 |
"{30F75CB8-8C74-4323-A102-C62EA5FF6506}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{3833D88C-3F1D-4254-A1E1-7F09BD480DBB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{38D4281E-3F87-4372-8AC7-E1B038BFF75F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{3E23BB9E-81E4-473C-94ED-00868BBF0C9D}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{3F02AB13-0458-4114-81A2-E1674EE69445}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{5714A4A6-27E9-405B-8954-4B9BDF5C0003}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{60112BA6-3533-4DA8-94A3-65433642EFEB}" = dir=in | app=c:\program files\hp\digital imaging\{fa0f0a01-4631-4161-a6c2-948bf694382e}\setup\hpznui01.exe |
"{6C12A554-DA55-4A44-99F4-6A92F87D0ADD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{7CB8280A-BD55-4375-ABC1-C1F5CBC6ACE5}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{889DA711-718F-4AA6-859C-2EC1EBEAB3E0}" = protocol=1 | dir=in | [email protected],-28543 |
"{8ECB42F9-F966-46C9-BE1E-1A1EC5FE095E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{A26C99A7-41AE-41DD-8CDA-7161C3AB0526}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AD33DF4A-2D8D-42C5-A658-CD8C80053849}" = protocol=58 | dir=out | [email protected],-28546 |
"{B4FD7DAC-AA5A-4ABC-AD82-362B06A4BB1E}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{BF584FA6-997E-432A-99D5-A1277404FBF2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{CDDECADB-DA45-4240-AA89-6F12AE89A3BF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D2B058FE-6803-4AEC-A3A8-0E73F7760CFE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{DF0CAED7-AE52-42A6-8C5F-50C5110897FD}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{393D552C-523B-4FCD-94AD-E8173CFA9046}C:\users\dad\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dad\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8212EED4-4B22-4EE5-BB7A-F3F7C74039A5}C:\users\dad\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dad\appdata\local\akamai\netsession_win.exe |
"TCP Query User{85B34B50-D21C-4D1A-ABCA-AC7CE0A52BE3}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{A1108EED-1112-4065-8443-AC9DA49ABCD7}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{0442C592-FC7E-45BE-AA82-61BB792864E6}C:\users\dad\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dad\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0AC617CB-01F4-4C69-A55F-1B9DBC2FDFE3}C:\users\dad\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dad\appdata\local\akamai\netsession_win.exe |
"UDP Query User{FCB842B1-310A-4A4E-8558-3439C52F1D39}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{FD63667A-9D93-4874-B643-52FACAE2B9C2}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.24
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{48C10E3C-A04F-4ED0-82AF-609CC5DE0F5D}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v4.3.0
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{785F267D-DC33-4404-83ED-7B0CD5E63474}" = Bluesoleil3.1.0.2 Release 070119
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7378875-1EF9-46BB-9316-BFB615CB45DA}" = AVG 2014
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-03-17
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM Toolbar" = AIM Toolbar 5.0
"Ares" = Ares 2.1.7
"Audacity_is1" = Audacity 2.0.2
"AVG" = AVG 2014
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Canon MG3100 series User Registration" = Canon MG3100 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"EzManual" = EzManual
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"HDMI" = Intel® Graphics Media Accelerator Driver
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstaCodecs_is1" = InstaCodecs
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.7
"WizTree_is1" = WizTree v1.07

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"f031ef6ac137efc5" = Dell Driver Download Manager
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/02/2013 8:26:16 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 22.0.0.4917, time
stamp 0x51c06ab5, faulting module mozalloc.dll, version 22.0.0.4917, time stamp
0x51c05025, exception code 0x80000003, fault offset 0x00001988, process id 0x14b8,
application start time 0x01ce8f5be20e7fc0.

Error - 08/03/2013 4:56:49 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 22.0.0.4917 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1040 Start Time: 01ce8fea259516d0 Termination Time: 452

Error - 08/03/2013 4:56:52 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 22.0.0.4917, time
stamp 0x51c06ab5, faulting module mozalloc.dll, version 22.0.0.4917, time stamp
0x51c05025, exception code 0x80000003, fault offset 0x00001988, process id 0x164,
application start time 0x01ce8fede68ca080.

Error - 08/12/2013 9:52:21 AM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 11.0.6002.18311 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 214c Start Time: 01ce9763196f15b0 Termination Time: 16

Error - 08/13/2013 6:27:03 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program audacity.exe version 2.0.2.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 24d4 Start Time: 01ce97af476b2c00 Termination Time: 11

Error - 08/18/2013 1:21:32 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 22.0.0.4917 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e40 Start Time: 01ce99a88143c220 Termination Time: 466

Error - 09/03/2013 9:13:55 AM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 23.0.1.4974 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d74 Start Time: 01ce9c3e40234de0 Termination Time: 380

Error - 09/17/2013 9:48:58 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 23.0.1.4974, time
stamp 0x520bc1d5, faulting module mozalloc.dll, version 23.0.1.4974, time stamp
0x520ba12c, exception code 0x80000003, fault offset 0x00001988, process id 0xe7c,
application start time 0x01ceb3bac7f711f0.

Error - 11/21/2013 8:45:51 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.6.2.3173 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d78 Start Time: 01cee71761c7a120 Termination Time: 7

Error - 11/21/2013 10:23:48 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.exe version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: aa8 Start Time: 01cee2658bc438f0 Termination Time: 161

Error - 11/26/2013 10:19:08 AM | Computer Name = dad-PC | Source = MsiInstaller | ID = 10005
Description =

[ Media Center Events ]
Error - 10/11/2009 3:37:44 PM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/13/2009 3:41:43 PM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/05/2009 6:51:49 AM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/24/2009 6:58:43 AM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 03/05/2014 6:52:29 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/05/2014 6:55:49 PM | Computer Name = dad-PC | Source = Dhcpv6 | ID = 1000
Description = Your computer has lost the lease to its IP address & on the Network
Card with network address 0015AF2A477A.

Error - 03/06/2014 7:42:05 AM | Computer Name = dad-PC | Source = Dhcpv6 | ID = 1000
Description = Your computer has lost the lease to its IP address & on the Network
Card with network address 0015AF2A477A.

Error - 03/06/2014 1:07:26 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/06/2014 1:07:55 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/07/2014 12:59:47 AM | Computer Name = dad-PC | Source = Dhcpv6 | ID = 1000
Description = Your computer has lost the lease to its IP address & on the Network
Card with network address 0015AF2A477A.

Error - 03/07/2014 1:02:28 AM | Computer Name = dad-PC | Source = Dhcpv6 | ID = 1000
Description = Your computer has lost the lease to its IP address & on the Network
Card with network address 0015AF2A477A.

Error - 03/07/2014 1:03:27 AM | Computer Name = dad-PC | Source = Dhcpv6 | ID = 1000
Description = Your computer has lost the lease to its IP address & on the Network
Card with network address 0015AF2A477A.

Error - 03/07/2014 1:04:29 AM | Computer Name = dad-PC | Source = Dhcpv6 | ID = 1000
Description = Your computer has lost the lease to its IP address & on the Network
Card with network address 0015AF2A477A.

Error - 03/07/2014 1:05:57 AM | Computer Name = dad-PC | Source = Dhcpv6 | ID = 1000
Description = Your computer has lost the lease to its IP address & on the Network
Card with network address 0015AF2A477A.


< End of report >

OTL logfile created on: 03/07/2014 8:25:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 37.49% Memory free
6.21 Gb Paging File | 3.84 Gb Available in Paging File | 61.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.78 Gb Total Space | 13.39 Gb Free Space | 12.09% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 08:23:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad\Downloads\OTL.exe
PRC - [2014/02/21 09:28:14 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/14 20:57:24 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\dad\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/04 13:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/14 21:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/12/14 09:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 01:28:05 | 000,735,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/20 16:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/20 04:28:56 | 000,537,264 | ---- | M] ( ) -- C:\Windows\System32\lxcycoms.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/21 09:28:13 | 016,265,096 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/14 20:57:24 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/05/08 08:51:49 | 000,019,056 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/02/21 09:28:15 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 20:57:24 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/07 18:05:02 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/20 04:28:56 | 000,537,264 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aflvbk69)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/21 16:44:21 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/21 16:44:21 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/02 08:10:08 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/04/29 09:14:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/01/13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/27 00:40:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007/08/15 09:49:48 | 000,552,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/04/03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2006/12/28 11:05:10 | 000,033,936 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/22 13:41:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BtNetDrv.sys -- (BT)
DRV - [2006/11/22 13:40:50 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006/11/22 13:40:34 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006/11/22 13:40:20 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2006/11/22 13:40:02 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2006/11/22 13:39:14 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2006/11/22 13:39:00 | 000,034,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2000/11/15 09:32:38 | 000,002,204 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UNINST2K.SYS -- (UNINST2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{CC8A5FCB-415E-48BB-8538-E0D44D221918}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/14 20:57:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/14 20:57:15 | 000,000,000 | ---D | M]

[2011/08/19 08:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Extensions
[2014/02/14 20:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/14 20:57:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/11/10 06:23:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\dad\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\dad\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=d4eb67c4b07bbef8a54882e9d93dc85c-f24b56c5cddabd0fa0a8aa7014161808bd1d69a8 /CMPID=0214c File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71072450-D442-48B7-81A4-9E5509574C1E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/05 18:41:21 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\Old Firefox Data
[2014/03/05 17:41:40 | 000,000,000 | ---D | C] -- C:\Windows\Jaksta
[2014/03/05 17:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2014/02/25 03:04:59 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/15 13:24:29 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\superstar.1
[2014/02/14 20:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/12 14:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/02/12 11:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2014/02/12 11:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Foolish IT
[2014/02/12 11:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/12 11:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/12 11:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/10 21:47:30 | 000,000,000 | ---D | C] -- C:\Users\dad\Desktop\superstar
[2014/02/09 19:52:18 | 000,000,000 | ---D | C] -- C:\Users\dad\AppData\Roaming\Malwarebytes
[2014/02/09 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/09 19:51:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2014/03/07 08:28:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/07 08:08:02 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 08:08:02 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 19:27:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/06 12:07:59 | 3212,087,296 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/05 17:38:11 | 000,000,000 | ---- | M] () -- C:\END
[2014/03/03 20:02:01 | 000,008,192 | ---- | M] () -- C:\Users\dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/03 18:58:08 | 000,358,591 | ---- | M] () -- C:\Users\dad\Desktop\thewire06-20.htm
[2014/03/03 14:58:49 | 000,016,517 | ---- | M] () -- C:\Users\dad\Desktop\FF avatar.jpg
[2014/03/03 14:55:57 | 000,188,886 | ---- | M] () -- C:\Users\dad\Desktop\0303141449.jpg
[2014/03/02 10:45:53 | 000,152,487 | ---- | M] () -- C:\Users\dad\Desktop\0302141041.jpg
[2014/03/02 07:46:26 | 000,234,434 | ---- | M] () -- C:\Users\dad\Desktop\0302141042.jpg
[2014/03/01 08:01:40 | 000,037,118 | ---- | M] () -- C:\Users\dad\Desktop\fuzzy.jpg
[2014/03/01 07:59:43 | 000,033,039 | ---- | M] () -- C:\Users\dad\Desktop\00d0d_aPEmGbRCmeW_600x450.jpg
[2014/03/01 07:59:43 | 000,033,039 | ---- | M] () -- C:\Users\dad\Desktop\00d0d_aPEmGbRCmeW_600x450 - Copy.jpg
[2014/02/28 17:30:24 | 000,042,882 | ---- | M] () -- C:\Users\dad\Desktop\00000_cfLeY8bENFe_600x450 - Copy.jpg
[2014/02/26 03:01:59 | 000,363,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/26 03:01:59 | 000,226,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/24 13:01:16 | 000,000,839 | ---- | M] () -- C:\Users\dad\Desktop\0224141254.jpg - Shortcut.lnk
[2014/02/23 18:42:55 | 000,035,604 | ---- | M] () -- C:\Users\dad\Desktop\bearing_edge.jpg
[2014/02/14 18:41:27 | 000,000,244 | ---- | M] () -- C:\Users\dad\Desktop\Verizon Messages.URL
[2014/02/12 14:47:32 | 000,000,870 | ---- | M] () -- C:\Users\dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/12 14:47:25 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/12 11:51:49 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/02/10 20:13:36 | 000,000,680 | ---- | M] () -- C:\Users\dad\AppData\Local\d3d9caps.dat
[2014/02/10 16:15:47 | 000,000,512 | ---- | M] () -- C:\Users\dad\Documents\MBR.dat
[2014/02/10 16:03:40 | 000,000,466 | ---- | M] () -- C:\Users\dad\Documents\asw.text
[2014/02/09 19:51:49 | 000,000,930 | ---- | M] () -- C:\Users\dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/02/05 08:46:22 | 000,207,816 | ---- | M] () -- C:\Users\dad\Desktop\0131141209.jpg

========== Files Created - No Company Name ==========

[2014/03/05 17:38:11 | 000,000,000 | ---- | C] () -- C:\END
[2014/03/03 18:58:10 | 000,358,591 | ---- | C] () -- C:\Users\dad\Desktop\thewire06-20.htm
[2014/03/03 14:58:49 | 000,016,517 | ---- | C] () -- C:\Users\dad\Desktop\FF avatar.jpg
[2014/03/03 14:57:12 | 000,188,886 | ---- | C] () -- C:\Users\dad\Desktop\0303141449.jpg
[2014/03/02 10:47:39 | 000,152,487 | ---- | C] () -- C:\Users\dad\Desktop\0302141041.jpg
[2014/03/02 07:46:26 | 000,234,434 | ---- | C] () -- C:\Users\dad\Desktop\0302141042.jpg
[2014/03/01 08:01:39 | 000,037,118 | ---- | C] () -- C:\Users\dad\Desktop\fuzzy.jpg
[2014/03/01 08:00:07 | 000,033,039 | ---- | C] () -- C:\Users\dad\Desktop\00d0d_aPEmGbRCmeW_600x450 - Copy.jpg
[2014/03/01 07:59:43 | 000,033,039 | ---- | C] () -- C:\Users\dad\Desktop\00d0d_aPEmGbRCmeW_600x450.jpg
[2014/02/28 17:33:27 | 000,042,882 | ---- | C] () -- C:\Users\dad\Desktop\00000_cfLeY8bENFe_600x450 - Copy.jpg
[2014/02/24 13:01:16 | 000,000,839 | ---- | C] () -- C:\Users\dad\Desktop\0224141254.jpg - Shortcut.lnk
[2014/02/23 18:42:54 | 000,035,604 | ---- | C] () -- C:\Users\dad\Desktop\bearing_edge.jpg
[2014/02/14 18:41:27 | 000,000,244 | ---- | C] () -- C:\Users\dad\Desktop\Verizon Messages.URL
[2014/02/12 14:47:25 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/12 11:51:49 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/02/10 17:06:43 | 000,008,192 | ---- | C] () -- C:\Users\dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/10 16:15:47 | 000,000,512 | ---- | C] () -- C:\Users\dad\Documents\MBR.dat
[2014/02/10 16:03:40 | 000,000,466 | ---- | C] () -- C:\Users\dad\Documents\asw.text
[2014/02/09 19:51:49 | 000,000,930 | ---- | C] () -- C:\Users\dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/02/05 08:51:16 | 000,207,816 | ---- | C] () -- C:\Users\dad\Desktop\0131141209.jpg
[2011/06/29 10:09:10 | 000,000,008 | ---- | C] () -- C:\Users\dad\BankSelectOrder.pm
[2008/09/16 09:47:49 | 000,000,680 | ---- | C] () -- C:\Users\dad\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/11 11:15:01 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\Audacity
[2012/03/24 19:25:14 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\Auslogics
[2013/10/26 07:58:18 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\AVG2014
[2013/03/05 12:16:09 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\Canon
[2012/09/03 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\Digiarty
[2009/01/16 06:03:16 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\IObit
[2011/11/14 10:05:34 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\MusE
[2009/03/07 11:19:23 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\OpenOffice.org

========== Purity Check ==========



< End of report >

#2
67mopar

Seems to be OK now, maybe I fixed it, couldn't tell you how. Low priority, but if anyone sees anything please let me know, thanks.

Edited by 67mopar, 08 March 2014 - 06:58 PM.
