Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Conduit.search.protect, mypcbackup and wedownloadmgr


  • Please log in to reply

#31
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Administrator (administrator) on KINGKONG on 04-06-2014 17:57:14
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Platform: Microsoft Windows XP Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2008-08-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18670592 2009-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [75776 2009-09-27] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [16611840 2009-09-27] (NVIDIA Corporation)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2008-06-19] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2009-03-02] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\WINDOWS\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [36X Raid Configurer] => C:\WINDOWS\SysWOW64\xRaidSetup.exe [1970176 2007-11-19] (JMicron Technology Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Avast free\AvastUI.exe [3873704 2014-06-03] (AVAST Software)
HKLM\...\Winlogon: [UIHost] C:\Windows\system32\logonui.exe [662016 2007-02-18] ( (Microsoft Corporation))
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain-x32: C:\WINDOWS\SysWOW64\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet-x32: C:\WINDOWS\SysWOW64\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll-x32: C:\WINDOWS\SysWOW64\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy-x32: C:\WINDOWS\SysWOW64\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\EFS-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> D:\- Webshots\Launcher.exe (Webshots.com)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKCU - DefaultScope Yahoo! URL = http://search.yahoo....-8&fr=chr-iobit
SearchScopes: HKCU - Yahoo! URL = http://search.yahoo....-8&fr=chr-iobit
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...Box&Form=IE8SRC
SearchScopes: HKCU - {112A7E09-6595-D1C3-2C4E-CDFD9E56B66C} URL = http://bing.zugo.com...cfg=2-80-0-Aqd3
SearchScopes: HKCU - {3D41F773-C2A2-4541-8F58-DF94FA1311D3} URL = http://search.yahoo....q={searchTerms}
SearchScopes: HKCU - {928A65F1-E196-4684-A72F-468EF5214A24} URL = http://www.tripadvis...q={searchTerms}
SearchScopes: HKCU - {9ED67100-59C2-4EA1-B00A-5B3F66050152} URL = http://query.nytimes...s}&opensearch=1
SearchScopes: HKCU - {C92C89DF-3EF7-4640-B646-34D65835741D} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {D01EF2D8-BE7A-4C3B-8053-B7959714AD54} URL = http://www.fastbrows...E-0EE4AAF8FE4A}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast free\aswWebRepIE64.dll (AVAST Software)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast free\aswWebRepIE.dll (AVAST Software)
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab
DPF: HKLM-x32 {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1321508482812
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1321508432468
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWow64\mshtml.dll (Microsoft Corporation)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWow64\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10508288 2009-02-10] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8360960 2009-02-10] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 %SystemRoot%\System32\mswsock.dll [492032] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1DDC0173-88C1-41DE-B25C-585A91DC2F21}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{24CB7CFF-5BDF-4D03-B675-2F9E29EE4A2A}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2C3728E0-79F6-4148-A857-00965E95E10C}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{53EA468D-C928-4662-996B-38CD8D27EBD6}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7EDEF09F-B6A1-4B5B-B62B-88BEB3A875C0}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VLC Media Player 2.0.5\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Avast free\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast free\WebRep\FF [2014-06-03]

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-10] (SUPERAntiSpyware.com)
S2 AeLookupSvc; C:\Windows\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S3 ALG; C:\Windows\SysWOW64\alg.exe [45056 2007-02-18] (Microsoft Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [911360 2011-01-26] (ATI Technologies Inc.)
S2 AudioSrv; C:\Windows\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
S2 avast! Antivirus; C:\Program Files\Avast free\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
S2 avast! Firewall; C:\Program Files\Avast free\afwServ.exe [109048 2014-06-03] (AVAST Software)
S4 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S4 ClipSrv; C:\Windows\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
R2 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
S4 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
S4 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S4 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S4 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-18] (Microsoft Corporation)
S3 Nla; C:\Windows\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S2 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
S2 nvsvc; C:\WINDOWS\system32\nvsvc64.exe [178688 2009-09-27] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-18] (Microsoft Corporation)
S2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
S3 RasMan; C:\Windows\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S2 seclogon; C:\Windows\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
S2 TrkWks; C:\Windows\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S4 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)
S4 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
S4 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1066496 2013-04-22] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWOW64\advapi32.dll [620032 2013-04-22] (Microsoft Corporation)
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog;  [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

S4 Abiosdsk; No ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; No ImagePath
S4 adpu320; No ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1794560 2009-01-09] (Creative)
S4 AmdIde; No ImagePath
S4 arc; No ImagePath
S3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16512 2002-07-16] (Adaptec)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-03] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [329456 2014-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-06-03] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-06-03] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-03] ()
S4 Atdisk; No ImagePath
S3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7718912 2011-01-27] (ATI Technologies Inc.)
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
S3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; No ImagePath
S1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S1 i2omgmt; No ImagePath
S4 iirsp; No ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [5396992 2009-07-20] (Realtek Semiconductor Corp.)
S4 IntelIde; No ImagePath
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
S1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1854976 2009-01-09] (Creative Technology Ltd.)
S4 mraid35x; No ImagePath
S3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [42512 2009-07-12] (CACE Technologies)
S3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [9687424 2009-09-27] (NVIDIA Corporation)
S3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [72736 2009-08-21] (NVIDIA Corporation)
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R0 rr232x; C:\Windows\System32\drivers\rr232x.sys [144384 2007-10-26] (HighPoint Technologies, Inc.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMIX.sys [3023360 2009-05-20] (Realtek Semiconductor Corp.)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [124928 2007-11-22] (Realtek Semiconductor Corporation                           )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
S4 Simbad; No ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] ()
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
S3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVCx32: Browser -> No ServiceDLL Path.
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> No ServiceDLL Path.
NETSVCx32: Messenger -> No ServiceDLL Path.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> No ServiceDLL Path.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-06-04 17:57 - 2014-06-04 17:57 - 00000000 ____D () C:\FRST
2014-06-04 16:52 - 2014-06-04 16:53 - 00020850 _____ () C:\WINDOWS\FaxSetup.log
2014-06-04 16:52 - 2014-06-04 16:53 - 00013600 _____ () C:\WINDOWS\ocgen.log
2014-06-04 16:52 - 2014-06-04 16:53 - 00012602 _____ () C:\WINDOWS\iis6.log
2014-06-04 16:52 - 2014-06-04 16:53 - 00009256 _____ () C:\WINDOWS\tsoc.log
2014-06-04 16:52 - 2014-06-04 16:53 - 00005060 _____ () C:\WINDOWS\msmqinst.log
2014-06-04 16:52 - 2014-06-04 16:53 - 00004513 _____ () C:\WINDOWS\comsetup.log
2014-06-04 16:52 - 2014-06-04 16:53 - 00003469 _____ () C:\WINDOWS\ntdtcsetup.log
2014-06-04 16:52 - 2014-06-04 16:53 - 00002404 _____ () C:\WINDOWS\imsins.log
2014-06-04 16:52 - 2014-06-04 16:53 - 00002404 _____ () C:\WINDOWS\imsins.BAK
2014-06-04 16:52 - 2014-06-04 16:53 - 00000958 _____ () C:\WINDOWS\msgsocm.log
2014-06-04 16:52 - 2014-06-04 16:53 - 00000938 _____ () C:\WINDOWS\ocmsn.log
2014-06-04 16:52 - 2014-06-04 16:52 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-04 16:52 - 2014-06-04 16:52 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-06-04 09:02 - 2014-06-04 16:48 - 00000000 _____ () C:\WINDOWS\0.log
2014-06-03 20:14 - 2014-06-04 09:00 - 00001536 _____ () C:\WINDOWS\PFRO.log
2014-06-03 10:11 - 2014-06-04 11:59 - 00000697 _____ () C:\WINDOWS\setupapi.log
2014-06-03 10:11 - 2014-06-04 08:54 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-06-03 10:11 - 2014-06-03 10:11 - 00000000 _____ () C:\WINDOWS\TMP368.tmp
2014-06-03 10:10 - 2014-06-04 09:03 - 00000310 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-06-03 10:10 - 2014-06-03 10:11 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-06-03 10:10 - 2014-06-03 10:11 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-06-03 10:10 - 2014-06-03 10:11 - 00064752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1401804673546
2014-06-03 10:10 - 2014-06-03 10:10 - 00329456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00065264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00064752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1401804673546
2014-06-03 10:10 - 2014-06-03 10:10 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-03 10:10 - 2014-06-03 10:10 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-06-03 10:06 - 2014-06-04 09:15 - 00000000 ____D () C:\Program Files\Avast free
2014-06-03 10:03 - 2014-06-03 10:03 - 04768536 _____ (AVAST Software) C:\avast_internet_security_setup_online.exe
2014-06-01 07:47 - 2014-06-01 07:47 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-31 17:23 - 2014-05-31 17:23 - 00000000 ____D () C:\_OTL
2014-05-31 09:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-05-31 09:43 - 2014-05-31 13:02 - 00000000 ____D () C:\AdwCleaner
2014-05-30 18:30 - 2014-05-30 18:30 - 00000511 _____ () C:\Documents and Settings\Administrator\My Documents\OTL instructions.txt
2014-05-27 20:42 - 2014-05-27 20:42 - 00000790 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-27 20:33 - 2014-05-27 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-27 19:54 - 2014-05-29 16:29 - 00000000 ___RD () C:\Drive Index 052914
2014-05-27 19:53 - 2014-05-27 19:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Webshots
2014-05-27 18:19 - 2014-05-27 18:19 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\my made firefox bookmarkbackups
2014-05-27 12:04 - 2014-05-27 12:04 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\MGI
2014-05-27 11:16 - 2014-05-27 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Webshots(2)
2014-05-08 00:38 - 2014-05-08 00:47 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE

==================== One Month Modified Files and Folders =======

2014-06-04 17:57 - 2014-06-04 17:57 - 00000000 ____D () C:\FRST
2014-06-04 17:57 - 2012-01-19 15:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-04 17:00 - 2013-04-26 16:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2014-06-04 16:53 - 2014-06-04 16:52 - 00020850 _____ () C:\WINDOWS\FaxSetup.log
2014-06-04 16:53 - 2014-06-04 16:52 - 00013600 _____ () C:\WINDOWS\ocgen.log
2014-06-04 16:53 - 2014-06-04 16:52 - 00012602 _____ () C:\WINDOWS\iis6.log
2014-06-04 16:53 - 2014-06-04 16:52 - 00009256 _____ () C:\WINDOWS\tsoc.log
2014-06-04 16:53 - 2014-06-04 16:52 - 00005060 _____ () C:\WINDOWS\msmqinst.log
2014-06-04 16:53 - 2014-06-04 16:52 - 00004513 _____ () C:\WINDOWS\comsetup.log
2014-06-04 16:53 - 2014-06-04 16:52 - 00003469 _____ () C:\WINDOWS\ntdtcsetup.log
2014-06-04 16:53 - 2014-06-04 16:52 - 00002404 _____ () C:\WINDOWS\imsins.log
2014-06-04 16:53 - 2014-06-04 16:52 - 00002404 _____ () C:\WINDOWS\imsins.BAK
2014-06-04 16:53 - 2014-06-04 16:52 - 00000958 _____ () C:\WINDOWS\msgsocm.log
2014-06-04 16:53 - 2014-06-04 16:52 - 00000938 _____ () C:\WINDOWS\ocmsn.log
2014-06-04 16:53 - 2009-05-29 06:54 - 01674222 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-04 16:52 - 2014-06-04 16:52 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-04 16:52 - 2014-06-04 16:52 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-06-04 16:48 - 2014-06-04 09:02 - 00000000 _____ () C:\WINDOWS\0.log
2014-06-04 16:45 - 2009-05-29 07:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-04 11:59 - 2014-06-03 10:11 - 00000697 _____ () C:\WINDOWS\setupapi.log
2014-06-04 11:46 - 2009-05-29 02:42 - 00716606 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-04 11:37 - 2009-05-29 07:01 - 00032564 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2014-06-04 11:37 - 2009-05-29 07:01 - 00000159 _____ () C:\Documents and Settings\LocalService\wiadebug.log
2014-06-04 11:37 - 2009-05-29 07:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-04 09:17 - 2011-01-08 14:16 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-06-04 09:15 - 2014-06-03 10:06 - 00000000 ____D () C:\Program Files\Avast free
2014-06-04 09:15 - 2011-08-02 15:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-06-04 09:14 - 2009-05-29 07:01 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-04 09:03 - 2014-06-03 10:10 - 00000310 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-06-04 09:00 - 2014-06-03 20:14 - 00001536 _____ () C:\WINDOWS\PFRO.log
2014-06-04 09:00 - 2007-02-18 08:00 - 00013736 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-04 08:54 - 2014-06-03 10:11 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-06-03 17:16 - 2011-06-08 18:07 - 00000264 _____ () C:\Documents and Settings\Administrator\wiadebug.log
2014-06-03 10:11 - 2014-06-03 10:11 - 00000000 _____ () C:\WINDOWS\TMP368.tmp
2014-06-03 10:11 - 2014-06-03 10:10 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-06-03 10:11 - 2014-06-03 10:10 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-06-03 10:11 - 2014-06-03 10:10 - 00064752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1401804673546
2014-06-03 10:10 - 2014-06-03 10:10 - 00329456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00065264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00064752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1401804673546
2014-06-03 10:10 - 2014-06-03 10:10 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-03 10:10 - 2014-06-03 10:10 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-06-03 10:10 - 2014-06-03 10:10 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-06-03 10:10 - 2011-05-14 23:19 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-06-03 10:04 - 2012-07-05 10:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-06-03 10:03 - 2014-06-03 10:03 - 04768536 _____ (AVAST Software) C:\avast_internet_security_setup_online.exe
2014-06-03 08:01 - 2011-06-05 17:15 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\My Files
2014-06-02 11:40 - 2013-02-09 20:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-02 11:40 - 2012-04-02 09:41 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-02 11:40 - 2011-07-31 16:03 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-01 07:47 - 2014-06-01 07:47 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-31 17:23 - 2014-05-31 17:23 - 00000000 ____D () C:\_OTL
2014-05-31 13:52 - 2013-12-19 10:16 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Calenders 2014
2014-05-31 13:02 - 2014-05-31 09:43 - 00000000 ____D () C:\AdwCleaner
2014-05-31 00:00 - 2014-03-28 22:34 - 00000262 _____ () C:\WINDOWS\Tasks\MIX.job
2014-05-30 18:30 - 2014-05-30 18:30 - 00000511 _____ () C:\Documents and Settings\Administrator\My Documents\OTL instructions.txt
2014-05-29 16:29 - 2014-05-27 19:54 - 00000000 ___RD () C:\Drive Index 052914
2014-05-29 12:24 - 2009-09-30 09:35 - 00003549 _____ () C:\WINDOWS\WININIT.INI
2014-05-29 12:24 - 2009-05-29 07:01 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup
2014-05-29 09:52 - 2011-06-05 17:17 - 00000000 ____D () C:\Icons
2014-05-28 16:38 - 2011-12-08 16:03 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-05-27 20:42 - 2014-05-27 20:42 - 00000790 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-27 20:42 - 2014-05-27 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-27 20:10 - 2009-05-29 07:01 - 00000000 ___SD () C:\Documents and Settings\NetworkService
2014-05-27 20:10 - 2009-05-29 07:01 - 00000000 ___SD () C:\Documents and Settings\LocalService
2014-05-27 19:54 - 2012-03-02 16:50 - 00000000 ____D () C:\Program Files (x86)\Any Video Converter
2014-05-27 19:53 - 2014-05-27 19:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Webshots
2014-05-27 18:19 - 2014-05-27 18:19 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\my made firefox bookmarkbackups
2014-05-27 12:04 - 2014-05-27 12:04 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\MGI
2014-05-27 11:16 - 2014-05-27 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Webshots(2)
2014-05-14 17:40 - 2009-06-19 13:52 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-05-08 18:30 - 2013-05-05 02:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-05-08 00:47 - 2014-05-08 00:38 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-05-08 00:07 - 2009-05-29 02:35 - 00000000 ____D () C:\WINDOWS\Help

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dEXObXgo.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GqlK3y8k.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vMNOPOmY.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2007-02-18 08:00] - [2007-02-18 08:00] - 0944128 ____A (Microsoft Corporation) 901C7E44D11C00CA9D48BA1A866FDC4B

C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2007-02-18 08:00] - [2007-02-18 08:00] - 1364480 ____A (Microsoft Corporation) AE7A08C05F72A9242734C03230A5CD7F

C:\Windows\SysWOW64\explorer.exe
[2007-02-18 08:00] - [2007-02-18 08:00] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344

C:\Windows\System32\svchost.exe
[2007-02-18 08:00] - [2007-02-18 08:00] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9

C:\Windows\SysWOW64\svchost.exe
[2007-02-18 08:00] - [2007-02-18 08:00] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682

C:\Windows\System32\services.exe
[2007-02-18 08:00] - [2007-02-18 08:00] - 0224256 ____A (Microsoft Corporation) D255E0DDB63A6223BFD8057266380017

C:\Windows\System32\User32.dll
[2007-02-18 08:00] - [2007-02-18 08:00] - 1086976 ____A (Microsoft Corporation) 377AADB366B617396A6DAF0D206A5C55

C:\Windows\SysWOW64\User32.dll
[2007-02-18 08:00] - [2007-02-18 08:00] - 0602624 ____A (Microsoft Corporation) 89F37F23FAF74F802CD7F22CA4ABD4EF

C:\Windows\System32\userinit.exe
[2007-02-18 08:00] - [2007-02-18 08:00] - 0039424 ____A (Microsoft Corporation) 438393CC0B5122B5D988BD7BA05FE3C9

C:\Windows\SysWOW64\userinit.exe
[2007-02-18 08:00] - [2007-02-18 08:00] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5

C:\Windows\System32\rpcss.dll
[2007-02-18 08:00] - [2007-02-18 08:00] - 0838656 ____A (Microsoft Corporation) 8830EF3E7DDB479F00113A5B59B6F601

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2007-02-18 08:00] - [2012-08-23 01:44] - 0288768 ____A (Microsoft Corporation) 941D45C8A14B2B1E8A57D0EEF6A98AEB

C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================


  • 0

Advertisements


#32
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

Avastclear worked.  Windows started noramlly . . .  thanks very much!


  • 0

#33
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,501 posts

You're welcome.

Now. Back to the OTL and Extras logs. Could you please follow the instructions in post #24 and provide those logs again please. I need to see what residual files Avastclear may have left behind. They'll need to be removed, then we can pick up where we left off. :)

 


  • 0

#34
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

OTL logfile created on: 6/4/2014 6:31:38 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\My Documents\Desktop
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 79.60% Memory free
5.75 Gb Paging File | 5.19 Gb Available in Paging File | 90.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 12.86 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
Drive D: | 897.33 Gb Total Space | 128.16 Gb Free Space | 14.28% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 634.04 Gb Free Space | 34.03% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 214.91 Gb Free Space | 30.76% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 288.77 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 930.25 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 647.01 Gb Free Space | 69.46% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 290.19 Gb Free Space | 31.15% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 195.68 Gb Free Space | 21.01% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 242.06 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive N: | 931.51 Gb Total Space | 428.03 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 492.82 Gb Free Space | 52.91% Space Free | Partition Type: NTFS
Drive P: | 1863.01 Gb Total Space | 609.08 Gb Free Space | 32.69% Space Free | Partition Type: NTFS
 
Computer Name: KINGKONG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/30 18:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
PRC - [2014/02/20 04:34:06 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/02/20 04:33:55 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/02/20 04:33:55 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/03/24 17:48:52 | 003,310,928 | ---- | M] (Webshots.com) -- D:\- Webshots\Webshots.scr
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/10 20:14:16 | 000,394,824 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/09/10 12:14:54 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2014/06/02 11:40:58 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/20 04:34:06 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/02/20 04:33:58 | 001,017,424 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014/02/20 04:33:55 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 08:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2007/02/18 08:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/02/18 08:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2010/05/05 15:35:01 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/07/12 02:41:17 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\npf.sys -- (NPF)
DRV - [2007/02/18 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/18 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2006/09/07 13:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2002/07/16 21:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\ASPI32.SYS -- (Aspi32)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes,DefaultScope = Yahoo!
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}: "URL" = http://bing.zugo.com...cfg=2-80-0-Aqd3
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes\{396BB7C9-5011-4147-B1FA-E09617996123}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes\{928A65F1-E196-4684-A72F-468EF5214A24}: "URL" = http://www.tripadvis...q={searchTerms}
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes\{9ED67100-59C2-4EA1-B00A-5B3F66050152}: "URL" = http://query.nytimes...s}&opensearch=1
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes\{C92C89DF-3EF7-4640-B646-34D65835741D}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes\{D01EF2D8-BE7A-4C3B-8053-B7959714AD54}: "URL" = http://www.fastbrows...E-0EE4AAF8FE4A}
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\SearchScopes\Yahoo!: "URL" = http://search.yahoo....-8&fr=chr-iobit
IE - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VLC Media Player 2.0.5\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/26 11:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/05/27 20:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default\extensions
[2014/05/27 20:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/27 20:42:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast free\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install File not found
O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk = D:\- Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8:64bit: - Extra context menu item: Send Image to Photo Library - C:\Documents and Settings\Administrator\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html ()
O8 - Extra context menu item: Send Image to Photo Library - C:\Documents and Settings\Administrator\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html ()
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1560305870-1003223559-3566357663-500\..Trusted Domains: flickr.com ([www] http in Trusted sites)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1321508482812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1321508432468 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DDC0173-88C1-41DE-B25C-585A91DC2F21}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24CB7CFF-5BDF-4D03-B675-2F9E29EE4A2A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C3728E0-79F6-4148-A857-00965E95E10C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53EA468D-C928-4662-996B-38CD8D27EBD6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EDEF09F-B6A1-4B5B-B62B-88BEB3A875C0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysWOW64\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\SysWow64\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\SysWow64\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\SysWow64\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - C:\WINDOWS\SysWow64\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\EFS: DllName - (sclgntfy.dll) - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 06:56:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/04 17:57:10 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/04 09:14:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/06/03 17:21:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
[2014/06/03 10:03:05 | 004,768,536 | ---- | C] (AVAST Software) -- C:\avast_internet_security_setup_online.exe
[2014/06/01 07:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/05/31 17:23:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/31 09:44:19 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014/05/31 09:43:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/30 19:01:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Desktop\Backup your files problem
[2014/05/27 20:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/27 19:54:19 | 000,000,000 | R--D | C] -- C:\Drive Index 052914
[2014/05/27 19:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2014/05/27 18:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2014/05/27 18:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\my made firefox bookmarkbackups
[2014/05/27 18:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\firefox profiles
[2014/05/27 12:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2014/05/27 12:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MGI
[2014/05/27 11:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webshots(2)
[2014/05/08 00:38:58 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/04 18:08:20 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/06/04 18:08:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/04 18:05:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2014/06/04 18:05:24 | 000,000,222 | ---- | M] () -- C:\boot.ini
[2014/06/04 16:58:49 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/04 16:53:00 | 000,002,404 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/06/03 10:17:36 | 000,000,494 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk
[2014/06/03 10:03:07 | 004,768,536 | ---- | M] (AVAST Software) -- C:\avast_internet_security_setup_online.exe
[2014/06/02 11:40:59 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/02 11:40:58 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/06/02 11:40:58 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/31 00:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\MIX.job
[2014/05/30 18:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
[2014/05/29 12:24:51 | 000,003,549 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2014/05/27 21:33:09 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.lnk
[2014/05/14 17:40:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/05/08 00:47:38 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/04 16:52:43 | 000,002,404 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/06/03 10:10:54 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/05/27 21:33:09 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.lnk
[2014/05/27 20:42:40 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/17 18:08:33 | 000,043,698 | ---- | C] () -- C:\WINDOWS\SysWow64\xvid-uninstall.exe
[2013/07/19 14:20:37 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
[2013/04/26 15:55:14 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2013/04/17 10:42:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2013/04/17 10:42:20 | 000,458,752 | ---- | C] () -- C:\WINDOWS\SysWow64\Fpl.dll
[2013/02/20 00:25:57 | 000,307,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/02 13:37:38 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
[2012/09/16 12:12:44 | 000,037,376 | ---- | C] () -- C:\WINDOWS\SysWow64\VbVfw.dll
[2012/09/15 17:51:21 | 000,000,107 | ---- | C] () -- C:\WINDOWS\Tool - VobEdit.INI
[2012/09/13 12:05:23 | 000,074,703 | ---- | C] () -- C:\WINDOWS\SysWow64\mfc45.dat
[2011/06/08 08:34:14 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2009/05/29 07:10:21 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/05/29 07:21:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 08:00:00 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2007/02/18 08:00:00 | 000,482,816 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D

< End of report >
 

 

 

 

 

 

 

 

 

 


  • 0

#35
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

OTL Extras logfile created on: 6/4/2014 6:31:38 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\My Documents\Desktop
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 79.60% Memory free
5.75 Gb Paging File | 5.19 Gb Available in Paging File | 90.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 12.86 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
Drive D: | 897.33 Gb Total Space | 128.16 Gb Free Space | 14.28% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 634.04 Gb Free Space | 34.03% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 214.91 Gb Free Space | 30.76% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 288.77 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 930.25 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 647.01 Gb Free Space | 69.46% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 290.19 Gb Free Space | 31.15% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 195.68 Gb Free Space | 21.01% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 242.06 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive N: | 931.51 Gb Total Space | 428.03 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 492.82 Gb Free Space | 52.91% Space Free | Partition Type: NTFS
Drive P: | 1863.01 Gb Total Space | 609.08 Gb Free Space | 32.69% Space Free | Partition Type: NTFS
 
Computer Name: KINGKONG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\WINDOWS\SysWOW64\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\WINDOWS\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\SysWow64\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- "C:\Program Files (x86)\Mozilla Firefox 2.0.1\firefox.exe" -osint -url "%1"
.url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\SysWOW64\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC Media Player 2.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\Microsoft Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC Media Player 2.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC Media Player 2.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\Microsoft Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC Media Player 2.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25E0F2BA-399C-4cf8-A654-53797016CB77}" = HP Beta Printer Drivers for Windows XP x64 (5.64.0.17)
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ffdshow64_is1" = ffdshow x64 v1.1.3611 [2010-10-06]
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"WIC" = Windows Imaging Component
"Windows x64 Service Pack" = Windows XP Service Pack 2
"XviD MPEG-4 Video Codec_is1" = XviD v1.2.0 CVS
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216026F0}" = Java™ 6 Update 26
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.136
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1" = Pazera Free FLV to AVI Converter 1.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
"AM-DeadLink" = AM-DeadLink
"Apollo WMV/ASF/ASX to DVD Burner_is1" = Apollo WMV/ASF/ASX to DVD Burner 3.2
"Audacity_is1" = Audacity 1.0.0
"AutoGK" = Auto Gordian Knot 2.45
"AVI MPEG RM Joiner_is1" = AVI/MPEG/RM Joiner 2.40
"AVI MPEG RM WMV Splitter_is1" = AVI/MPEG/RM/WMV Splitter 4.28
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Belarc Advisor" = Belarc Advisor 8.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"DivX Setup" = DivX Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy Video Joiner_is1" = Easy Video Joiner 5.01
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"ESET Online Scanner" = ESET Online Scanner v3
"FairUse Wizard 2" = FairUse Wizard 2
"Falco Icon Studio_is1" = Falco Icon Studio 2.7
"HD Tune_is1" = HD Tune 2.54
"ImgBurn" = ImgBurn
"MediaInfo" = MediaInfo 0.7.7.4
"MGI_PRISM_V3_0" =
"MGI_PRISM_V4_0" = MGI PhotoSuite 4 (Remove Only)
"MKVtoolnix" = MKVtoolnix 2.2.0
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MP3 Bitrate Changer_is1" = MP3 Bitrate Changer 1.1
"Revo Uninstaller" = Revo Uninstaller 1.83
"Totalcmd" = Total Commander (Remove or Repair)
"TransBar" = TransBar
"Unlocker" = Unlocker 1.8.5
"VLC media player" = VLC media player 2.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"Webshots Desktop_is1" = Webshots Desktop
"WinRAR archiver" = WinRAR archiver
"WinX Blu-ray Decrypter_is1" = WinX Blu-ray Decrypter 2.0
"XviD" = XviD Video Codec 30082002-1 (Koepi's build with EPSZ ME)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/4/2014 9:19:20 AM | Computer Name = KINGKONG | Source = ESENT | ID = 490
Description = wuaueng.dll (888) SUS20ClientDataStore: An attempt to open the file
 "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk" for read / write access
 failed with system error 32 (0x00000020): "The process cannot access the file because
 it is being used by another process. ".  The open file operation will fail with
 error -1032 (0xfffffbf8).
 
Error - 6/4/2014 9:19:30 AM | Computer Name = KINGKONG | Source = ESENT | ID = 490
Description = wuaueng.dll (888) SUS20ClientDataStore: An attempt to open the file
 "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access
 failed with system error 32 (0x00000020): "The process cannot access the file because
 it is being used by another process. ".  The open file operation will fail with
 error -1032 (0xfffffbf8).
 
Error - 6/4/2014 11:42:36 AM | Computer Name = KINGKONG | Source = VSS | ID = 8211
Description =
 
Error - 6/4/2014 11:57:28 AM | Computer Name = KINGKONG | Source = VSS | ID = 8211
Description =
 
Error - 6/4/2014 12:02:57 PM | Computer Name = KINGKONG | Source = VSS | ID = 8211
Description =
 
Error - 6/4/2014 12:06:14 PM | Computer Name = KINGKONG | Source = VSS | ID = 8211
Description =
 
Error - 6/4/2014 12:09:28 PM | Computer Name = KINGKONG | Source = VSS | ID = 8211
Description =
 
Error - 6/4/2014 4:47:58 PM | Computer Name = KINGKONG | Source = VSS | ID = 8211
Description =
 
Error - 6/4/2014 6:04:28 PM | Computer Name = KINGKONG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....uthrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 6/4/2014 6:04:28 PM | Computer Name = KINGKONG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....uthrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
[ OSession Events ]
Error - 12/5/2010 8:46:09 PM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/5/2010 8:46:17 PM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/5/2010 8:46:47 PM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/5/2010 8:46:53 PM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/5/2010 8:46:56 PM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/27/2011 5:43:29 PM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/27/2011 5:44:03 PM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/27/2011 5:44:12 PM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/27/2011 5:44:17 PM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 9/5/2012 11:35:16 AM | Computer Name = MYGIG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 6/4/2014 12:03:20 PM | Computer Name = KINGKONG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 6/4/2014 12:06:37 PM | Computer Name = KINGKONG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 6/4/2014 12:09:51 PM | Computer Name = KINGKONG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 6/4/2014 12:10:30 PM | Computer Name = KINGKONG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   aswRvrt  aswSP  aswTdi  aswVmm  avipbb  avkmgr  Fips  SASDIFSV  SASKUTIL
 
Error - 6/4/2014 4:48:21 PM | Computer Name = KINGKONG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 6/4/2014 4:49:00 PM | Computer Name = KINGKONG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   aswRvrt  aswSP  aswTdi  aswVmm  avipbb  avkmgr  Fips  SASDIFSV  SASKUTIL
 
Error - 6/4/2014 4:52:26 PM | Computer Name = KINGKONG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
 arguments ""  in order to run the server:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 6/4/2014 6:08:29 PM | Computer Name = KINGKONG | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\aspi32.sys has been blocked from loading
 due to incompatibility with this system. Please contact your software  vendor for
 a compatible version of the driver.
 
Error - 6/4/2014 6:09:19 PM | Computer Name = KINGKONG | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error:   %%1275
 
Error - 6/4/2014 6:09:19 PM | Computer Name = KINGKONG | Source = Service Control Manager | ID = 7002
Description = The Routing and Remote Access service depends on the NetBIOSGroup
group and no member of this group started.
 
 
< End of report >
 


  • 0

#36
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,501 posts

Hi Denise,

 

This recent travesty that you experienced was due to installing a 2nd AV (specifically Avast) without installing the presently onboard AV (Avira) many people think the more protection they have, the less chance of becoming infected. In reality, the real-time protection of two or more antivirus programs may conflict with each other and cause the following:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.

  • Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.

  • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

Please uninstall the following programs from Control Panel > Add/Remove Programs. Both Javas are outdated and  Advanced WindowsCare Personal version 2 is obsolete.

Java 7 Update 45 (64-bit)

Java™ 6 Update 26

Advanced WindowsCare Personal

 

  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

     


    :COMMANDS

    [CREATERESTOREPOINT]

     

    :OTL

    O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast free\aswWebRepIE64.dll File not found

    [2014/06/03 10:03:05 | 004,768,536 | ---- | C] (AVAST Software) -- C:\avast_internet_security_setup_online.exe

    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [2014/06/04 18:08:20 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

    [2014/06/03 10:03:07 | 004,768,536 | ---- | M] (AVAST Software) -- C:\avast_internet_security_setup_online.exe

    [2014/06/03 10:10:54 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D

    :Commands

    [resethosts]

    [emptytemp]

  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Please post the following logs in your next reply:

C:\_OTL\Moved Files

OTL.txt


  • 0

#37
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ scheduled to be deleted on reboot.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ .
C:\avast_internet_security_setup_online.exe moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\avast! Emergency Update.job moved successfully.
File C:\avast_internet_security_setup_online.exe not found.
File C:\WINDOWS\tasks\avast! Emergency Update.job not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D deleted successfully.
========== COMMANDS ==========
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 650806 bytes
->Temporary Internet Files folder emptied: 295314 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48775111 bytes
->Flash cache emptied: 677 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1003 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 47.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06052014_084537

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ scheduled to be deleted on reboot.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ .
 


  • 0

#38
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

OTL logfile created on: 6/5/2014 8:52:41 AM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\My Documents\Desktop
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 80.51% Memory free
5.75 Gb Paging File | 5.19 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 13.53 Gb Free Space | 39.59% Space Free | Partition Type: NTFS
Drive D: | 897.33 Gb Total Space | 128.24 Gb Free Space | 14.29% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 634.04 Gb Free Space | 34.03% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 214.91 Gb Free Space | 30.76% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 288.77 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 930.25 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 647.01 Gb Free Space | 69.46% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 290.19 Gb Free Space | 31.15% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 195.68 Gb Free Space | 21.01% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 242.06 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive N: | 931.51 Gb Total Space | 428.03 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 492.82 Gb Free Space | 52.91% Space Free | Partition Type: NTFS
Drive P: | 1863.01 Gb Total Space | 609.08 Gb Free Space | 32.69% Space Free | Partition Type: NTFS
 
Computer Name: KINGKONG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/05 08:32:20 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/06/05 08:31:40 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/06/05 08:31:38 | 000,737,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/05/30 18:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
PRC - [2008/03/24 17:48:52 | 003,310,928 | ---- | M] (Webshots.com) -- D:\- Webshots\Webshots.scr
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/09/10 12:14:54 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2014/06/05 08:32:20 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/06/05 08:31:49 | 001,039,440 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014/06/05 08:31:40 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/06/02 11:40:58 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 08:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2007/02/18 08:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/02/18 08:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2010/05/05 15:35:01 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/07/12 02:41:17 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\npf.sys -- (NPF)
DRV - [2007/02/18 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/18 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2006/09/07 13:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2002/07/16 21:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\ASPI32.SYS -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = Yahoo!
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}: "URL" = http://bing.zugo.com...cfg=2-80-0-Aqd3
IE - HKCU\..\SearchScopes\{396BB7C9-5011-4147-B1FA-E09617996123}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{928A65F1-E196-4684-A72F-468EF5214A24}: "URL" = http://www.tripadvis...q={searchTerms}
IE - HKCU\..\SearchScopes\{9ED67100-59C2-4EA1-B00A-5B3F66050152}: "URL" = http://query.nytimes...s}&opensearch=1
IE - HKCU\..\SearchScopes\{C92C89DF-3EF7-4640-B646-34D65835741D}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D01EF2D8-BE7A-4C3B-8053-B7959714AD54}: "URL" = http://www.fastbrows...E-0EE4AAF8FE4A}
IE - HKCU\..\SearchScopes\Yahoo!: "URL" = http://search.yahoo....-8&fr=chr-iobit
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VLC Media Player 2.0.5\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/26 11:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/05/27 20:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default\extensions
[2014/06/05 08:43:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/27 20:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/27 20:42:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
Hosts file not found
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast free\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install File not found
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk = D:\- Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8:64bit: - Extra context menu item: Send Image to Photo Library - C:\Documents and Settings\Administrator\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html ()
O8 - Extra context menu item: Send Image to Photo Library - C:\Documents and Settings\Administrator\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html ()
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: flickr.com ([www] http in Trusted sites)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1321508482812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1321508432468 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DDC0173-88C1-41DE-B25C-585A91DC2F21}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24CB7CFF-5BDF-4D03-B675-2F9E29EE4A2A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C3728E0-79F6-4148-A857-00965E95E10C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53EA468D-C928-4662-996B-38CD8D27EBD6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EDEF09F-B6A1-4B5B-B62B-88BEB3A875C0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 06:56:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/04 22:02:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/06/04 17:57:10 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/03 17:21:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
[2014/06/01 07:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/05/31 17:23:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/31 09:44:19 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014/05/31 09:43:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/30 19:01:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Desktop\Backup your files problem
[2014/05/27 20:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/27 19:54:19 | 000,000,000 | R--D | C] -- C:\Drive Index 052914
[2014/05/27 19:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2014/05/27 18:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2014/05/27 18:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\my made firefox bookmarkbackups
[2014/05/27 18:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\firefox profiles
[2014/05/27 12:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2014/05/27 12:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MGI
[2014/05/27 11:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webshots(2)
[2014/05/08 00:38:58 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/05 08:48:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/04 21:25:39 | 000,000,494 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk
[2014/06/04 18:46:37 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Drive Index 052914.lnk
[2014/06/04 18:05:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2014/06/04 18:05:24 | 000,000,222 | ---- | M] () -- C:\boot.ini
[2014/06/04 16:58:49 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/02 11:40:59 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/31 00:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\MIX.job
[2014/05/30 18:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
[2014/05/29 12:24:51 | 000,003,549 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2014/05/27 21:33:09 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.lnk
[2014/05/14 17:40:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/05/08 00:47:38 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
 
========== Files Created - No Company Name ==========
 
[2014/05/27 21:33:09 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.lnk
[2014/05/27 20:42:40 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/17 18:08:33 | 000,043,698 | ---- | C] () -- C:\WINDOWS\SysWow64\xvid-uninstall.exe
[2013/07/19 14:20:37 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
[2013/04/26 15:55:14 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2013/04/17 10:42:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2013/04/17 10:42:20 | 000,458,752 | ---- | C] () -- C:\WINDOWS\SysWow64\Fpl.dll
[2013/02/20 00:25:57 | 000,307,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/02 13:37:38 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
[2012/09/16 12:12:44 | 000,037,376 | ---- | C] () -- C:\WINDOWS\SysWow64\VbVfw.dll
[2012/09/15 17:51:21 | 000,000,107 | ---- | C] () -- C:\WINDOWS\Tool - VobEdit.INI
[2012/09/13 12:05:23 | 000,074,703 | ---- | C] () -- C:\WINDOWS\SysWow64\mfc45.dat
[2011/06/08 08:34:14 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2009/05/29 07:10:21 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/05/29 07:21:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 08:00:00 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2007/02/18 08:00:00 | 000,482,816 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/04 18:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVAST Software
[2014/05/27 18:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\firefox profiles
[2014/02/10 10:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GHISLER
[2013/07/19 14:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2013/12/17 13:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2013/04/27 16:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MGI
[2014/05/27 19:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2014/05/27 11:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Webshots(2)
[2010/02/18 13:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/05 00:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/25 16:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2014/03/28 22:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND64
[2012/01/19 16:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2013/02/05 23:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/10/28 17:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/06/02 15:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2009/07/12 20:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pianosoft
[2011/10/27 11:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/08/31 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/04 17:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/09/10 21:26:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/02/05 23:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
[2013/02/05 23:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/02/05 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}
 
========== Purity Check ==========
 
 

< End of report >


  • 0

#39
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ scheduled to be deleted on reboot.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ .
C:\avast_internet_security_setup_online.exe moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\avast! Emergency Update.job moved successfully.
File C:\avast_internet_security_setup_online.exe not found.
File C:\WINDOWS\tasks\avast! Emergency Update.job not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D deleted successfully.
========== COMMANDS ==========
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 650806 bytes
->Temporary Internet Files folder emptied: 295314 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48775111 bytes
->Flash cache emptied: 677 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1003 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 47.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06052014_084537

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ scheduled to be deleted on reboot.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ .
 


  • 0

#40
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,501 posts

Good Morning Denise! :)

 

There's one Avast entry that just does not want to let go. So, one more try.

 

Delete file

 

  • Copy all text in the quote box (below)...to Notepad.

    @echo off

    rd /s /q "C:\Program Files\Avast free\aswWebRepIE64.dll"

    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"

    It should look like this: batfileicon.gif<--XPvista_bat_icon.png<--vista

  • Double click on delfile.bat to execute it.

    A black CMD window will flash, then disappear...this is normal.

  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Next:

I'm going to have you scan with MBAM. Once installed, keep it and use at least once a week or if you think you may have been infiltrated with a anything malicious.

Malwarebytes 2.0, please run a Threat Scan

 

  • Click on the Dashboard tab and to the right of Database Version, click the Update Now >> link.

  • After the updates complete, click on the Settings tab at the top then click on Detection and Protection.

  • Under Detection Options, make sure all 3 options are checked.

  • Just below that, under Non-Malware Protection, click on the drop down arrow under PUP (Potentially Unwanted Program) detections: and choose Treat detections as malware.

  • Click on the Scan tab at the top, then click on the Scan Now >> button. (There is also a Scan Now >> button on the Dashboard you can click as well.

  • If you are offered to update again, go ahead and click the Update Now >> button. Once complete, the Threat Scan will begin.

  • When the scan is complete, if there have been any detections, click Apply Actions to allow MBAM to clean what was detected.

  • In most cases, a restart will be required.

  • Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 

  • After the restart once you are back at your desktop, open MBAM once more.

  • Click on the History tab > Application Logs

  • Double click on the scan log which shows the Date and time of the scan just performed.

  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.

 

Next:

 

This next scan will check for outdated software. Always keep your software updated. Vulnerabilities in outdated software are an invitation to infection.

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

In your next reply, please post the following logs:

[b]MBAM.txt

checkup.txt

 

Thank you. :)


  • 0

Advertisements


#41
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts
This recent travesty that you experienced was due to installing a 2nd AV (specifically Avast) without installing the presently onboard AV (Avira) many people think the more protection they have, the less chance of becoming infected.

 

I wasn't going to keep Avira if Avast worked with IE x64 again.  I like Avast better than Avira.  I'd still like to install it if the new version works with IE x64 and than I'd uninstall Avira.


 

 

There's one Avast entry that just does not want to let go. So, one more try.

 

I deleted the file myself . . .  sorry  :upset:  

 

 

Double click on delfile.bat to execute it.

 

I did this too.

 

 

 

Edit:  Where can I find MBAM?


Edited by Denisejm, 05 June 2014 - 10:38 AM.

  • 0

#42
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

Results of screen317's Security Check version 0.99.83  
 Windows XP  x64   
 Out of date service pack!!
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Avira Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Advanced WindowsCare Personal   
 Java version out of Date!
 Adobe Flash Player     13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

 

 

 

The remaining Java was one I didn't uninstall because it wasn't on your list.  Do you want me to uninstall it?

 

I rarely installed Windows updates.  I found that they caused my pc more problems than not, maybe because it was XP x64 and Microsoft put more effort into Vista and Enterprise at the time.  There was little support for XP x64.  I installed cumulative updates, Service Packs, and C++ but almost no security updates.

 

 

Edit:  Microsoft's website says:

There's no SP3 for the 64-bit version of Windows XP. 

 

It's typical of the support they offered to XP x64.


Edited by Denisejm, 05 June 2014 - 10:50 AM.

  • 0

#43
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,501 posts

I wasn't going to keep Avira if Avast worked with IE x64 again. I like Avast better than Avira. I'd still like to install it if the new version works with IE x64 and than I'd uninstall Avira.

I understand how you feel. I think Avast is the best. Can't count the times that Avast has saved me.
 

I deleted the file myself . . . sorry :upset:

That's fine. Thanks for letting me know. You don't need another episode of a BSOD due to one file from a 2nd AV left behind.
 

Edit: Where can I find MBAM?

Oh geesh! slaphead.gif I'm sorry. Those instructions are for those who already have MBAM installed. You can download and install Malwarebytes Anti-malware version 2 from >>here<<.
 

The remaining Java was one I didn't uninstall because it wasn't on your list. Do you want me to uninstall it?

Yes. Please do. Java 7 Update 45 (64-bit) and version Java™ 6 Update 26 were the only two that I saw in the logs. I find it strange that Security Check didn't list it. The latest version of Java is 7 update 60 and can be found >>here<<.

Now a days, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed at which time you could install, or you could reinstall and just disable Java till the moment arises if it is needed.

You can read more about the need for Java and how to disable it here.
 

There's no SP3 for the 64-bit version of Windows XP.

It's typical of the support they offered to XP x64.

Nope. There was no SP3 for the XP 64-bit version, nor the Windows Server 2003 64-bit OS. You can read more about that here. Did you notice how OTL listed the OS as Windows Server 2003 64-bit, yet Security Check and FRST listed it as XP 64-bit? That is because Windows Server 2003 was based on the Windows XP kernal. Something else I found out about System Restore and why it failed for you from my associates who are familiar with both OS's is that neither have the System Restore feature because they are/were based on the same kernal code.

Go ahead and remove the Java that is outdated and install Java 7 update 60 if Java is a must have for you. Also, please post the MBAM log so I can verify that you are clean.

Donna :)
  • 0

#44
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/6/2014
Scan Time: 9:51:25 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.06.04
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 257597
Time Elapsed: 8 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.CrossRider.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\UPDATER21804, Quarantined, [07abb2c18cef6ccaae56d6b010f2c43c],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#45
Denisejm

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 604 posts

When I went into Add/Remove Programs, "Java™ 6 Update 29" didn't have the option to remove it and it wasn't listed in Revo Uninstaller. Program Files (86) contains folder "Java jre-7u21-windows-x64" that contains only one file, "msvcr100.dll." Program Files (86) also contains "JavaRa-2.1" which contains "config.ini," notepad doc "JavaRa.def," folder "localization" and "JavaRa.exe."     Can I just delete them?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP