Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

msiexec, various other issues


  • Please log in to reply

#1
Nova11

Nova11

    Member

  • Member
  • PipPip
  • 17 posts
My main, immediate problem is that this "Windows ® installer" keeps asking for permission to install. The details say it's msiexec.exe and located in System 32, but there's also something that looks like a second location ("Local" something, "AppData", and the last word is "quiet"), so I really don't know what's going on except that I don't think it's legitimate.
(Note: I don't know how the forum will render it, but the actual popup has a registered trademark symbol where I typed ®.)
It kept coming up repeatedly; currently I have it flashing orange at the bottom of the screen because the last time it happened to open without being in front of the other windows.
 
When I turned my computer on today, at first I had problems even logging on. Three times after entering my password it said something that I can't remember exactly, but something like "cannot access" something "event" something. Then I logged on as a different user, logged back out and now was able to log in fine.
Because of that, I started a full scan with Microsoft Security Essentials (which is taking a lot longer than it has when I've done it before; it's been going 11 hours and the bar is only about 2/3 across), and I noticed while glancing at that at one point it was scanning some things with "Windows Installer" in the name and some unusual symbols. But it wasn't until hours after that that the permission thing started coming up.
 
And as long as I'm starting a topic, I might as well ask about this; my pop-up blocker hasn't been working for several weeks. Even when I set it to block all pop-ups, I still get them. And it's mostly if not entirely on sites that had pop-ups before I started using the blocker at that level, largely even the same ones that I remember, so it's not some unusual kind of pop-up. And I did see some of the "you have a virus" crap pop-ups (things like that are the reason I turned the blocker up to max in the first place) today, but again, that was over an hour before the permission thing started so I don't know if that's related to my other problem.

Edited by Nova11, 12 June 2014 - 12:03 AM.

  • 0

Advertisements


#2
Nova11

Nova11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
That MSSE scan stopped being so slow and had already finished before I remembered OTL.

Here's the OTL log.

OTL logfile created on: 6/12/2014 1:31:57 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis_2\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.68 Mb Total Physical Memory | 73.14 Mb Available Physical Memory | 7.22% Memory free
3.01 Gb Paging File | 1.15 Gb Available in Paging File | 38.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 69.42 Gb Free Space | 49.32% Space Free | Partition Type: NTFS
Drive D: | 8.28 Gb Total Space | 1.82 Gb Free Space | 22.04% Space Free | Partition Type: NTFS

Computer Name: STAPLES1077-PC | User Name: Staples1077 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/12 01:27:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis_2\Documents\OTL.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/18 08:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/03/09 12:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/12 09:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 09:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/01/20 13:48:06 | 000,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
PRC - [2000/08/30 06:00:32 | 000,172,032 | ---- | M] (Sierra Online, Inc.) -- C:\Sierra\Planner\PLNRnote.exe


========== Modules (No Company Name) ==========

MOD - [2007/04/23 20:11:44 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/04/23 20:11:34 | 000,237,673 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/04/23 20:11:34 | 000,114,787 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/04/23 20:11:34 | 000,032,768 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll


========== Services (SafeList) ==========

SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2007/02/12 09:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/01/20 13:48:06 | 000,142,416 | R--- | M] (Command Software Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\STAPLE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/06/11 13:33:00 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08C6ECA9-8423-418B-9C0E-238427238218}\MpKsl8b3599c9.sys -- (MpKsl8b3599c9)
DRV - [2014/06/11 13:23:08 | 000,039,464 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08C6ECA9-8423-418B-9C0E-238427238218}\MpKsl2b6f6f95.sys -- (MpKsl2b6f6f95)
DRV - [2014/06/11 13:17:29 | 000,039,464 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08C6ECA9-8423-418B-9C0E-238427238218}\MpKsl23e688ca.sys -- (MpKsl23e688ca)
DRV - [2014/06/11 13:13:10 | 000,039,464 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08C6ECA9-8423-418B-9C0E-238427238218}\MpKslb8780d9b.sys -- (MpKslb8780d9b)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2009/04/10 21:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/08/09 19:27:53 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/01/20 13:40:42 | 000,783,984 | R--- | M] (Command Software Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\css-dvp.sys -- (CSS DVP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{266B0F19-BF0E-4E12-8518-86D59D5A63A5}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKLM\..\SearchScopes\{9EECE930-EA06-477C-A728-406A4A40B9C1}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{B0F2BB51-91F8-46C6-AB21-953BC6C7B8D7}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9EECE930-EA06-477C-A728-406A4A40B9C1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{266B0F19-BF0E-4E12-8518-86D59D5A63A5}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9EECE930-EA06-477C-A728-406A4A40B9C1}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{B0F2BB51-91F8-46C6-AB21-953BC6C7B8D7}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay Games\nplplaypop.dll ( )



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Staples1077\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/04/28 02:18:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B7AD45-7614-4D28-BFAE-09BB72A4930D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/14 07:10:42 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/21 23:06:28 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/05/14 08:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

========== Files - Modified Within 30 Days ==========

[2014/06/12 01:29:53 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/11 23:44:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/11 23:44:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/11 19:27:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/11 13:33:14 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2014/06/11 13:32:20 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/06/11 13:31:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/11 13:31:03 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/10 15:26:46 | 144,816,888 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/22 13:16:47 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/04/28 01:14:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/28 01:14:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/28 01:14:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/28 01:14:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/28 01:14:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008/03/02 10:29:12 | 000,000,680 | ---- | C] () -- C:\Users\Staples1077\AppData\Local\d3d9caps.dat
[2008/02/27 19:00:51 | 000,024,206 | ---- | C] () -- C:\Users\Staples1077\AppData\Roaming\UserTile.png
[2008/02/27 18:51:45 | 000,000,000 | ---- | C] () -- C:\Users\Staples1077\AppData\Roaming\wklnhst.dat
[2008/02/07 02:21:42 | 000,004,608 | ---- | C] () -- C:\Users\Staples1077\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/08/24 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\Staples1077\AppData\Roaming\LimeWire
[2008/01/12 06:12:57 | 000,000,000 | ---D | M] -- C:\Users\Staples1077\AppData\Roaming\MSNInstaller
[2013/12/04 23:31:15 | 000,000,000 | ---D | M] -- C:\Users\Staples1077\AppData\Roaming\RenPy
[2009/05/29 18:58:34 | 000,000,000 | ---D | M] -- C:\Users\Staples1077\AppData\Roaming\Template
[2008/01/11 04:16:28 | 000,000,000 | ---D | M] -- C:\Users\Staples1077\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >
  • 0

#3
Nova11

Nova11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

After I denied permission the last time, it hasn't come up again. It's possible that it was being triggered by a webpage that I had open after all.

 

Now I'm not sure I even have a serious problem.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP