Browser Redirects\Slowness\Pop-ups\Lost Connections [So


  • This topic is locked This topic is locked

#1 caringkitten
New Member, 2 posts

Hi All:

 

Hopefully you guys can help me. I am experiencing browser redirects, slowness, pop-ups and lost connections with all types of browser: Chrome, Firefox, IE.

 

I posted the requested OTL log below. I don't see any rogue programs or spyware running on the surface, like fake virus scans, etc. It just seems like all internet use is slow, pages redirect, etc.

 

Please help!

 

Lisa

 

OTL logfile created on: 2014/06/18 1:34:50 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = d:\data\administrator.3YFK943Z\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
1.49 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 51.73% Memory free
4.13 Gb Paging File | 3.49 Gb Available in Paging File | 84.67% Paging File free
Paging file location(s): C:\pagefile.sys 2850 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 60.45 Gb Total Space | 23.43 Gb Free Space | 38.76% Space Free | Partition Type: NTFS
Drive D: | 32.70 Gb Total Space | 6.31 Gb Free Space | 19.29% Space Free | Partition Type: NTFS
 
Computer Name: 3YFK943Z | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/18 13:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\data\administrator.3YFK943Z\Desktop\OTL.exe
PRC - [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/05/23 03:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/05/13 10:16:36 | 000,541,696 | ---- | M] () -- C:\Program Files\003\nuttkoqiez32.exe
PRC - [2014/04/07 06:49:10 | 000,026,008 | ---- | M] () -- C:\Program Files\pastaleads\PastaLeadsWinApp.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2007/12/14 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\Mctray.exe
PRC - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/10/16 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/07/25 17:16:42 | 000,073,728 | ---- | M] (DameWare Development) -- C:\WINNT\system32\DWRCST.EXE
PRC - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) -- C:\WINNT\system32\DWRCS.EXE
PRC - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2006/02/01 16:10:32 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2005/09/15 14:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
PRC - [2005/09/06 16:50:50 | 000,045,056 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
PRC - [2005/04/27 09:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/05/13 10:16:36 | 000,541,696 | ---- | M] () -- C:\Program Files\003\nuttkoqiez32.exe
MOD - [2014/04/07 06:49:10 | 000,026,008 | ---- | M] () -- C:\Program Files\pastaleads\PastaLeadsWinApp.exe
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/21 02:52:10 | 012,430,848 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1d1239cae67610d8659752751abc7856\System.Windows.Forms.ni.dll
MOD - [2009/11/21 02:51:55 | 001,587,200 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Drawing\f9c517646d0706b9c61a41af685ff6b7\System.Drawing.ni.dll
MOD - [2009/11/21 02:51:14 | 000,539,648 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70ac14c28100d0ca7ed1170597fbc172\PresentationFramework.Luna.ni.dll
MOD - [2009/11/21 02:51:10 | 014,322,688 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e3d4d240794478ea8067ceed63bbad1e\PresentationFramework.ni.dll
MOD - [2009/11/21 02:50:17 | 012,215,296 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\PresentationCore\4619e16b34a37586c8dbae5f71359156\PresentationCore.ni.dll
MOD - [2009/11/21 02:50:01 | 003,312,128 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\WindowsBase\c770cdb4fc7f26c9b5fe858d4147ae57\WindowsBase.ni.dll
MOD - [2009/11/21 02:49:52 | 007,868,416 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System\2e356db128ec7354bd70a3ecc84b1f87\System.ni.dll
MOD - [2009/11/21 02:49:41 | 011,485,184 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\mscorlib\4b10d8196bb368996ec5d24fca777456\mscorlib.ni.dll
MOD - [2009/11/21 02:48:25 | 000,303,104 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2007/12/14 15:06:00 | 000,156,992 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naisign2.dll
MOD - [2007/12/14 15:06:00 | 000,120,128 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/11/06 14:00:58 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\libeay32.dll
MOD - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2006/02/01 16:09:42 | 000,024,576 | ---- | M] () -- C:\WINNT\system32\tphklock.dll
MOD - [2005/12/07 02:12:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/12/07 02:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2005/09/06 16:50:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
MOD - [2004/08/04 00:56:44 | 000,059,904 | ---- | M] () -- C:\WINNT\system32\devenum.dll
MOD - [2004/08/04 00:56:44 | 000,014,336 | ---- | M] () -- C:\WINNT\system32\msdmo.dll
MOD - [2003/02/20 16:42:34 | 001,159,289 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
MOD - [2003/02/20 16:42:34 | 000,102,511 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
MOD - [2003/02/20 16:42:34 | 000,057,451 | R--- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
MOD - [2003/02/20 16:42:34 | 000,057,449 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
MOD - [2003/02/20 16:42:34 | 000,053,360 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
MOD - [2003/02/20 16:42:32 | 000,028,787 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\WINNT\system32\PsaSrv.exe -- (PsaSrv)
SRV - [2014/06/05 16:21:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/23 03:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/05/13 10:16:36 | 000,541,696 | ---- | M] () [Auto | Running] -- C:\Program Files\003\nuttkoqiez32.exe -- (nuttkoqiez32)
SRV - [2012/04/14 14:35:05 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINNT\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2006/11/30 18:09:32 | 001,310,720 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2006/07/25 14:23:30 | 002,635,480 | ---- | M] (Sygate Technologies, Inc.) [Disabled | Stopped] -- c:\Program Files\Sygate\SSA\Smc.exe -- (SmcService)
SRV - [2006/07/25 14:14:52 | 000,323,658 | ---- | M] (Sygate Technologies, Inc.) [On_Demand | Stopped] -- c:\Program Files\Sygate\SSA\Maga\Maga.exe -- (magaService)
SRV - [2006/05/09 17:37:50 | 000,835,584 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nexxia\Extranet_serv.exe -- (ExtranetAccess)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) [Auto | Running] -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe -- (tunnelguardservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/04/25 19:16:14 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\iPassP.sys -- (iPassP)
DRV - [2007/10/16 20:50:00 | 000,171,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/10/16 20:50:00 | 000,072,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/10/16 20:50:00 | 000,064,168 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2007/10/16 20:50:00 | 000,051,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2007/10/16 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/10/16 20:50:00 | 000,031,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2007/08/09 17:33:14 | 000,013,360 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- c:\DRIVERS\T60\BIOS\tpflhlp.sys -- (tpflhlp)
DRV - [2007/03/20 16:58:30 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/03/20 08:01:07 | 000,099,328 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2007/02/15 08:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINNT\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 08:00:00 | 000,002,944 | ---- | M] (DameWare Development, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006/07/25 14:24:26 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg6n.sys -- (wg6n)
DRV - [2006/07/25 14:24:24 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg5n.sys -- (wg5n)
DRV - [2006/07/25 14:24:20 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg4n.sys -- (wg4n)
DRV - [2006/07/25 14:24:16 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg3n.sys -- (wg3n)
DRV - [2006/07/25 13:59:48 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2006/07/25 13:57:10 | 000,061,008 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2006/05/09 17:47:10 | 000,024,521 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2005/12/07 02:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/05 18:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 02:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 02:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/04/27 10:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/04/27 09:15:50 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2004/12/15 12:04:14 | 000,069,810 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\FLMckUSB.sys -- (FLMCKUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.key-find....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.key-find....q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cmweb.rbccm.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/05 16:21:14 | 000,000,000 | ---D | M]
 
[2014/06/05 16:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/05 16:21:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/01/14 13:34:25 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SAAvErrAddon) - {88930F23-C135-089C-994A-2F4A1EE03F77} - d:\data\All Users\Application Data\SAAvErrAddon\KBJqEAtVe.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No CLSID value found.
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmcService] c:\Program Files\Sygate\SSA\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: d:\data\All Users\Start Menu\Programs\Startup\PastaQuotes.lnk = C:\Program Files\pastaleads\PastaLeadsWinApp.exe ()
O4 - Startup: d:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk = C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found
O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([*.oak.fg] * in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([mis.fg] https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbc.com ([pmtprojectserver.fg] http in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([crm] * in Local intranet)
O15 - HKLM\..Trusted Domains: royalbank.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: royalbank.com ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oak.fg.rbc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7CDD4B1-2448-4BD0-9C0C-A8E2B9BEF111}: DhcpNameServer = 10.1.10.1
O20 - AppInit_DLLs: (c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINNT\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINNT\System32\tphklock.dll ()
O24 - Desktop BackupWallPaper: C:\WINNT\RBCVGA.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/18 12:01:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/18 13:34:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\data\administrator.3YFK943Z\Desktop\OTL.exe
[2014/06/18 13:34:35 | 000,000,000 | ---D | C] -- d:\data\administrator.3YFK943Z\My Documents\Downloads
[2014/06/18 13:30:49 | 000,000,000 | ---D | C] -- d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google
[2014/06/18 13:30:48 | 000,000,000 | -HSD | C] -- d:\data\administrator.3YFK943Z\IETldCache
[2014/06/18 13:30:47 | 000,000,000 | ---D | C] -- d:\data\administrator.3YFK943Z\Local Settings\Application Data\SearchProtect
[2014/06/18 13:02:55 | 000,000,000 | ---D | C] -- d:\data\All Users\Start Menu\Programs\Google Chrome
[2014/06/08 13:21:43 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\3eda283a8b7b0d3d
[2014/06/08 13:21:36 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\SAAvErrAddon
[2014/06/05 16:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/18 13:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\data\administrator.3YFK943Z\Desktop\OTL.exe
[2014/06/18 13:31:29 | 000,001,696 | ---- | M] () -- d:\data\administrator.3YFK943Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/18 13:30:55 | 000,000,692 | ---- | M] () -- d:\data\administrator.3YFK943Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/18 13:30:47 | 000,000,880 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/18 13:30:46 | 000,000,008 | RHS- | M] () -- d:\data\administrator.3YFK943Z\ntuser.pol
[2014/06/18 13:11:51 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2014/06/18 13:02:55 | 000,001,696 | ---- | M] () -- d:\data\All Users\Desktop\Google Chrome.lnk
[2014/06/18 13:00:10 | 000,000,884 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/18 13:00:00 | 000,000,958 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012UA.job
[2014/06/18 12:52:11 | 000,002,101 | ---- | M] () -- d:\data\All Users\Desktop\Safari.lnk
[2014/06/18 12:47:06 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2014/06/18 12:37:47 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2014/06/18 11:34:57 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
 
========== Files Created - No Company Name ==========
 
[2014/06/18 13:30:50 | 000,001,696 | ---- | C] () -- d:\data\administrator.3YFK943Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/18 13:02:55 | 000,001,696 | ---- | C] () -- d:\data\All Users\Desktop\Google Chrome.lnk
[2014/06/18 12:55:50 | 000,000,884 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/18 12:55:50 | 000,000,880 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/16 11:17:01 | 000,017,136 | ---- | C] () -- C:\WINNT\System32\sasnative32.exe
[2013/04/02 16:35:20 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2013/04/02 16:35:19 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2013/04/02 16:35:18 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2013/04/02 16:35:18 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2013/04/02 16:35:18 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2013/03/30 20:35:14 | 000,015,616 | ---- | C] () -- C:\WINNT\System32\drivers\TrueSight.sys
[2012/07/12 20:58:49 | 000,558,133 | ---- | C] () -- C:\WINNT\System32\sqlite3.dll
[2010/01/15 22:16:55 | 000,006,954 | RHS- | C] () -- d:\data\All Users\ntuser.pol
[2009/09/21 09:36:09 | 000,000,008 | RHS- | C] () -- d:\data\administrator.3YFK943Z\ntuser.pol
[2009/09/21 09:36:08 | 000,000,118 | ---- | C] () -- d:\data\administrator.3YFK943Z\Local Settings\Application Data\fusioncache.dat
[2008/11/05 12:15:54 | 000,934,608 | ---- | C] () -- d:\data\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
 
========== ZeroAccess Check ==========
 
[2007/03/20 16:47:16 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 01:35:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:01:53 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/06/07 13:16:29 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\2308189059
[2014/06/08 13:21:55 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\3eda283a8b7b0d3d
[2008/07/14 19:57:39 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Bloomberg
[2009/04/25 19:16:19 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\iPass
[2010/02/05 16:38:28 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\LiquidTechnologies
[2007/03/20 17:15:11 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Network Associates
[2014/05/13 10:21:21 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\pastaleads
[2013/05/16 11:16:08 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Price Check by AOL
[2014/06/08 13:21:43 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\SAAvErrAddon
[2014/05/13 10:26:04 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\TEMP
[2010/02/05 16:38:09 | 000,000,000 | -H-D | M] -- d:\data\All Users\Application Data\{1E2473C2-7307-4952-8F94-5AFE8309DF4D}
[2009/06/17 14:12:31 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 1



#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi there, welcome to the forums! My name is Biscuithd and I will be assisting you with your computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Give me the remainder of the day to assess your log and create a fix.


  • 0

#3
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Many apologies for my last response, but it's going to take another day. We've had terrible weather in my area and have been without power for a day. I am working on your log now.


  • 0

#4
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi caringkitten,

 

Again very sorry for the slow response. :)

 

Please perform the following:

 

OTL Fix

  • Run OTL as you did before.
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.


:Commands

[createrestorepoint]



:OTL

PRC - [2014/05/23 03:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe

SRV - [2014/05/23 03:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)

PRC - [2014/05/13 10:16:36 | 000,541,696 | ---- | M] () -- C:\Program Files\003\nuttkoqiez32.exe

MOD - [2014/05/13 10:16:36 | 000,541,696 | ---- | M] () -- C:\Program Files\003\nuttkoqiez32.exe

SRV - [2014/05/13 10:16:36 | 000,541,696 | ---- | M] () [Auto | Running] -- C:\Program Files\003\nuttkoqiez32.exe -- (nuttkoqiez32)

PRC - [2014/04/07 06:49:10 | 000,026,008 | ---- | M] () -- C:\Program Files\pastaleads\PastaLeadsWinApp.exe

MOD - [2014/04/07 06:49:10 | 000,026,008 | ---- | M] () -- C:\Program Files\pastaleads\PastaLeadsWinApp.exe

O4 - Startup: d:\data\All Users\Start Menu\Programs\Startup\PastaQuotes.lnk = C:\Program Files\pastaleads\PastaLeadsWinApp.exe ()

SRV - File not found [On_Demand | Stopped] -- C:\WINNT\system32\PsaSrv.exe -- (PsaSrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.key-find....q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.key-find....q={searchTerms}

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cmweb.rbccm.com

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

O2 - BHO: (SAAvErrAddon) - {88930F23-C135-089C-994A-2F4A1EE03F77} - d:\data\All Users\Application Data\SAAvErrAddon\KBJqEAtVe.dll ()

O3 - HKLM\..\Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No CLSID value found.

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found



:Files

C:\Program Files\pastaleads

C:\Program Files\003 



:commands

[resethosts]

[emptytemp]

[reboot]

 

Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.

 

Next, download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Next, download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
  • Click Options button below the large panel and check the box:

    Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

Last, re-run OTL as you have done before and this time select Quick Scan. When complete, post the results. This is different from the OTL Moved log requested in the next step.

 

To summarize, please post the results of the AdwCleaner, Junkware Removal Tool, ZOEK scan, OTL scan log file and the OTL MovedFiles. The Moved Files log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).

 

If you have trouble or questions, don't hesitate to ask.


  • 0
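As an added example (not code from this thread, from OTL, or from its author), a small Python triage script that parses OTL lines of the shapes seen in the fix above and flags the entries a helper reads first: running code with an empty company name, orphaned service and driver registrations, and browser helper objects with no publisher. The regular expressions are my reading of the format as it appears in this thread, not an official grammar, and the sample lines are constructed from entries in the post above.

```python
"""Triage helper for OTL log lines (added example; not from the thread or OTL).

The regular expressions are an assumption about the format, written against
the line shapes visible in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# PRC/MOD/SRV/DRV entry: [timestamp | size | attrs | M] (Company) [State] -- path -- (Name)
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+)\| [MC]\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])? -- (?P<path>.*?)(?: -- \((?P<name>[^)]+)\))?$"
)
# SRV/DRV registration whose binary is missing; the path may be empty ("-- --").
ORPHAN_ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]+)\] -- "
    r"(?P<path>.*?) ?-- \((?P<name>[^)]+)\)$"
)
# O2 BHO: (Display name) - {CLSID} - path (Company)
BHO_ENTRY = re.compile(
    r"^O2 - BHO: \((?P<display>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*) \((?P<company>[^)]*)\)$"
)


@dataclass
class Entry:
    kind: str
    path: str
    company: str
    state: Optional[str] = None
    name: Optional[str] = None
    missing: bool = False


@dataclass
class Finding:
    severity: str
    reason: str
    entry: Entry


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL line into an Entry; lines of other types return None."""
    line = line.rstrip()
    m = FILE_ENTRY.match(line)
    if m:
        return Entry(m["kind"], m["path"], m["company"].strip(), m["state"], m["name"])
    m = ORPHAN_ENTRY.match(line)
    if m:
        return Entry(m["kind"], m["path"], "", m["state"], m["name"], missing=True)
    m = BHO_ENTRY.match(line)
    if m:
        return Entry("O2", m["path"], m["company"].strip(), name=m["display"])
    return None


def triage(lines) -> List[Finding]:
    """Flag the entries a helper would look at first. MOD lines are skipped on
    purpose: the thread's own Modules section shows many legitimate DLLs with
    no company name, so that signal alone is too noisy for loaded modules."""
    findings: List[Finding] = []
    for raw in lines:
        e = parse_line(raw)
        if e is None:
            continue
        running = bool(e.state) and "Running" in e.state
        if e.missing:
            # Registration points at a binary that no longer exists: a leftover
            # or a partially removed component; worth cleaning either way.
            findings.append(Finding("low", "orphaned registration", e))
        elif e.kind == "O2" and not e.company:
            findings.append(Finding("high", "BHO without publisher", e))
        elif e.kind in ("PRC", "SRV") and not e.company:
            # A process is running by definition; a service only if its state says so.
            sev = "high" if (e.kind == "PRC" or running) else "medium"
            findings.append(Finding(sev, "running code with no company name", e))
    return findings


# Constructed sample, modelled on entries in the fix posted above.
SAMPLE = [
    r"PRC - [2014/05/23 03:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe",
    r"PRC - [2014/05/13 10:16:36 | 000,541,696 | ---- | M] () -- C:\Program Files\003\nuttkoqiez32.exe",
    r"SRV - [2014/05/13 10:16:36 | 000,541,696 | ---- | M] () [Auto | Running] -- C:\Program Files\003\nuttkoqiez32.exe -- (nuttkoqiez32)",
    r"MOD - [2014/05/13 10:16:36 | 000,541,696 | ---- | M] () -- C:\Program Files\003\nuttkoqiez32.exe",
    r"SRV - File not found [On_Demand | Stopped] -- C:\WINNT\system32\PsaSrv.exe -- (PsaSrv)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)",
    r"O2 - BHO: (SAAvErrAddon) - {88930F23-C135-089C-994A-2F4A1EE03F77} - d:\data\All Users\Application Data\SAAvErrAddon\KBJqEAtVe.dll ()",
    r"O4 - Startup: d:\data\All Users\Start Menu\Programs\Startup\PastaQuotes.lnk = C:\Program Files\pastaleads\PastaLeadsWinApp.exe ()",
    r"SRV - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.reason}: {f.entry.kind} {f.entry.path or f.entry.name}")
```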

#5
caringkitten

caringkitten

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Thanks. Here are the requested logs.

 

# AdwCleaner v3.212 - Report created 21/06/2014 at 08:44:53
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : administrator - 3YFK943Z
# Running from : D:\data\administrator.3YFK943Z\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : d:\data\All Users\Application Data\2308189059
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SupraSavings
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\suprasavings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\suprasavings
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v35.0.1916.153
 
*************************
 
AdwCleaner[R0].txt - [12898 octets] - [14/01/2014 13:44:38]
AdwCleaner[R1].txt - [22179 octets] - [23/03/2014 22:17:10]
AdwCleaner[R2].txt - [6971 octets] - [25/03/2014 21:05:38]
AdwCleaner[R3].txt - [2535 octets] - [21/06/2014 08:33:59]
AdwCleaner[S0].txt - [13294 octets] - [14/01/2014 13:46:37]
AdwCleaner[S1].txt - [6005 octets] - [25/03/2014 21:07:22]
AdwCleaner[S2].txt - [2498 octets] - [21/06/2014 08:44:53]
 
########## EOF - d:\AdwCleaner\AdwCleaner[S2].txt - [2558 octets] ##########
 

 
Zoek.exe v5.0.0.0 Updated 20-06-2014
Tool run by administrator on 2014/06/21 at 10:14:55.00.
 
Running in: Normal Mode Internet Access Detected
Launched: d:\data\administrator.3YFK943Z\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== System Restore Info ======================
 
Failed to create System Restore Point
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\YahooAUService deleted successfully
 
==== FireFox Fix ======================
 
ProfilePath: d:\data\Admin\Application Data\Mozilla\Firefox\Profiles\ilojflhm.default
 
user.js not found
---- Lines extensions.IyPdVS4khOh removed from prefs.js ----
user_pref("extensions.IyPdVS4khOh.epoch", "1403193222");
---- FireFox user.js and prefs.js backups ---- 
 
prefs_0621_1030_.backup
 
ProfilePath: d:\data\RAINMA~1\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default
 
user.js not found
---- Lines trovi removed from prefs.js ----
user_pref("browser.newtab.url", "http://www.trovi.com...F50D
user_pref("browser.search.defaultenginename", "Trovi search");
user_pref("browser.search.selectedEngine", "Trovi search");
user_pref("browser.startup.homepage", "http://www.trovi.com...7D17A8F50D
---- FireFox user.js and prefs.js backups ---- 
 
prefs_0621_1030_.backup
 
==== Deleting Files \ Folders ======================
 
d:\data\Admin\AppData\LocalLow\{88930F23-C135-089C-994A-2F4A1EE03F77} deleted
d:\data\rainmaker\AppData\LocalLow\{88930F23-C135-089C-994A-2F4A1EE03F77} deleted
d:\data\ALLUSE~1\APPLIC~1\3eda283a8b7b0d3d deleted
d:\data\rainmaker\daemonprocess.txt deleted
d:\data\rainmaker\.android deleted
d:\data\ALLUSE~1\APPLIC~1\SAAvErrAddon deleted
C:\found.000 deleted
d:\data\Admin\Application Data\Yahoo! deleted
d:\data\administrator.3YFK943Z\Application Data\Yahoo! deleted
d:\data\NetworkService\Application Data\Yahoo! deleted
d:\data\rainmaker\Application Data\Yahoo! deleted
d:\data\ALLUSE~1\APPLIC~1\Yahoo! deleted
d:\data\ALLUSE~1\APPLIC~1\Yahoo! Companion deleted
d:\data\Admin\Local Settings\Application Data\SearchProtect deleted
d:\data\rainmaker\Local Settings\Application Data\SearchProtect deleted
d:\data\rainmaker\Local Settings\Application Data\cache deleted
d:\data\rainmaker\Local Settings\Application Data\Cool_Mirage deleted
d:\data\All Users\Start Menu\Programs\conntiniUetoosyavee deleted
C:\WINNT\system32\sasnative32.exe deleted
d:\data\RAINMA~1\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\aol-search.xml deleted
d:\data\RAINMA~1\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\trovi-search.xml deleted
d:\data\RAINMA~1\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\aolToolbarData deleted
d:\data\RAINMA~1\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\extensions\staged deleted
d:\data\RAINMA~1\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\CT2790392 deleted
d:\data\rainmaker\My Documents\Downloads\DownloadSetup.exe deleted
d:\data\Admin\Application Data\Mozilla\Firefox\Profiles\ilojflhm.default\extensions\[email protected] deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [2008/11/05 12:16 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: d:\data\RAINMA~1\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default
- Firebug - %ProfilePath%\extensions\[email protected]
 
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
 
==== Chrome Look ======================
 
Google Voice Search Hotword (Beta) - administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Google Voice Search Hotword (Beta) - rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Music Plus for Google Play Music - rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego
SAAvErrAddon - rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lggiggjcfppfkdfijdkpfbkajjfjnmoi
 
==== Chrome Fix ======================
 
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_servedby.dealply.com_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_servedby.dealply.com_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lggiggjcfppfkdfijdkpfbkajjfjnmoi deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lggiggjcfppfkdfijdkpfbkajjfjnmoi_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lggiggjcfppfkdfijdkpfbkajjfjnmoi_0.localstorage-journal deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipfnecmlncaiipncipkgijboddcdmego_0.localstorage deleted successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipfnecmlncaiipncipkgijboddcdmego_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...ge={startPage}"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-3510421623-2965073675-2411060337-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2CF127F-2BC2-ADA4-734C-1F8FDD9EBA75} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FB7A4370-3BD6-263B-351A-5A9767389E89} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Check by AOL deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998} deleted successfully
 
==== Empty IE Cache ======================
 
d:\data\administrator.3YFK943Z\Local Settings\temp\Temporary Internet Files\Content.IE5\OP57LQWU will be deleted at reboot
d:\data\administrator.3YFK943Z\Local Settings\temp\Temporary Internet Files\Content.IE5\TLJ0ZQZ7 will be deleted at reboot
d:\data\administrator.3YFK943Z\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
d:\data\administrator.3YFK943Z\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
d:\data\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
d:\data\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
d:\data\rainmaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=228 folders=64 3911913 bytes)
 
==== Empty Temp Folders ======================
 
d:\data\Admin\Local Settings\Temp emptied successfully
d:\data\Administrator\Local Settings\temp emptied successfully
d:\data\administrator.3YFK943Z\Local Settings\temp will be emptied at reboot
d:\data\Default User\Local Settings\Temp emptied successfully
d:\data\LocalService\Local Settings\temp emptied successfully
d:\data\NetworkService\Local Settings\Temp will be emptied at reboot
d:\data\rainmaker\Local Settings\temp emptied successfully
d:\data\sserebre\Local Settings\temp emptied successfully
d:\data\stozin\Local Settings\temp emptied successfully
d:\data\tmaloof\Local Settings\temp emptied successfully
d:\data\tpritcha\Local Settings\temp emptied successfully
d:\data\wksbuild\Local Settings\temp emptied successfully
C:\WINNT\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINNT\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\RECYCLER successfully emptied
 
==== Deleting Files / Folders ======================
 
"d:\data\administrator.3YFK943Z\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat" not found
"d:\data\administrator.3YFK943Z\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"d:\data\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"d:\data\NetworkService\Local Settings\Temp\Perflib_Perfdata_768.dat" not found
"d:\data\administrator.3YFK943Z\Local Settings\temp\Temporary Internet Files\Content.IE5\OP57LQWU" not found
"d:\data\administrator.3YFK943Z\Local Settings\temp\Temporary Internet Files\Content.IE5\TLJ0ZQZ7" not found
 
==== EOF on 2014/06/21 at 15:33:21.01 ======================
 

OTL logfile created on: 2014/06/21 3:34:30 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = d:\data\administrator.3YFK943Z\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
1.49 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 65.67% Memory free
4.13 Gb Paging File | 3.71 Gb Available in Paging File | 89.84% Paging File free
Paging file location(s): C:\pagefile.sys 2850 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 60.45 Gb Total Space | 22.72 Gb Free Space | 37.58% Space Free | Partition Type: NTFS
Drive D: | 32.70 Gb Total Space | 6.38 Gb Free Space | 19.50% Space Free | Partition Type: NTFS
 
Computer Name: 3YFK943Z | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/18 13:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\data\administrator.3YFK943Z\Desktop\OTL.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
PRC - [2007/12/14 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2007/12/14 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\Mctray.exe
PRC - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/10/16 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/07/25 17:16:42 | 000,073,728 | ---- | M] (DameWare Development) -- C:\WINNT\system32\DWRCST.EXE
PRC - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) -- C:\WINNT\system32\DWRCS.EXE
PRC - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2006/02/01 16:10:32 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2005/09/15 14:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
PRC - [2005/09/06 16:50:50 | 000,045,056 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
PRC - [2005/04/27 09:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\userinit.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/21 13:16:52 | 000,265,216 | ---- | M] () -- C:\Program Files\Bitcasa\ExplorerMenu.dll
MOD - [2014/02/21 13:06:24 | 002,064,896 | ---- | M] () -- C:\Program Files\Bitcasa\bitcasaui.dll
MOD - [2007/12/14 15:06:00 | 000,156,992 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naisign2.dll
MOD - [2007/12/14 15:06:00 | 000,120,128 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/11/06 14:00:58 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\libeay32.dll
MOD - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2006/02/01 16:09:42 | 000,024,576 | ---- | M] () -- C:\WINNT\system32\tphklock.dll
MOD - [2005/12/07 02:12:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/12/07 02:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2005/09/06 16:50:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIcon.DLL
MOD - [2003/02/20 16:42:34 | 001,159,289 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\client\jvm.dll
MOD - [2003/02/20 16:42:34 | 000,102,511 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\java.dll
MOD - [2003/02/20 16:42:34 | 000,057,451 | R--- | M] () -- C:\Program Files\Nortel Networks\TunnelGuard\jre\bin\net.dll
MOD - [2003/02/20 16:42:34 | 000,057,449 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\verify.dll
MOD - [2003/02/20 16:42:34 | 000,053,360 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\zip.dll
MOD - [2003/02/20 16:42:32 | 000,028,787 | R--- | M] () -- c:\Program Files\Nortel Networks\TunnelGuard\jre\bin\hpi.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/06/05 16:21:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/14 14:35:05 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2007/12/14 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/10/16 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007/10/16 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/07/25 17:16:30 | 000,222,720 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINNT\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2006/11/30 18:09:32 | 001,310,720 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2006/07/25 14:23:30 | 002,635,480 | ---- | M] (Sygate Technologies, Inc.) [Disabled | Stopped] -- c:\Program Files\Sygate\SSA\Smc.exe -- (SmcService)
SRV - [2006/07/25 14:14:52 | 000,323,658 | ---- | M] (Sygate Technologies, Inc.) [On_Demand | Stopped] -- c:\Program Files\Sygate\SSA\Maga\Maga.exe -- (magaService)
SRV - [2006/05/09 17:37:50 | 000,835,584 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nexxia\Extranet_serv.exe -- (ExtranetAccess)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2005/10/06 23:18:26 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2005/09/06 16:51:08 | 000,053,248 | ---- | M] (Alexandria Software Consulting) [Auto | Running] -- c:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe -- (tunnelguardservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/11/25 13:02:58 | 000,346,688 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cbfs5.sys -- (cbfs5)
DRV - [2009/04/25 19:16:14 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\iPassP.sys -- (iPassP)
DRV - [2007/10/16 20:50:00 | 000,171,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/10/16 20:50:00 | 000,072,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/10/16 20:50:00 | 000,064,168 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2007/10/16 20:50:00 | 000,051,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2007/10/16 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/10/16 20:50:00 | 000,031,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2007/08/09 17:33:14 | 000,013,360 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- c:\DRIVERS\T60\BIOS\tpflhlp.sys -- (tpflhlp)
DRV - [2007/03/20 16:58:30 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/03/20 08:01:07 | 000,099,328 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2007/02/15 08:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINNT\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 08:00:00 | 000,002,944 | ---- | M] (DameWare Development, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006/07/25 14:24:26 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg6n.sys -- (wg6n)
DRV - [2006/07/25 14:24:24 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg5n.sys -- (wg5n)
DRV - [2006/07/25 14:24:20 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg4n.sys -- (wg4n)
DRV - [2006/07/25 14:24:16 | 000,014,952 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\wg3n.sys -- (wg3n)
DRV - [2006/07/25 13:59:48 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2006/07/25 13:57:10 | 000,061,008 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2006/05/09 17:47:10 | 000,024,521 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2006/05/09 17:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2005/12/07 02:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/05 18:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 02:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 02:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/04/27 10:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/04/27 09:15:50 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2004/12/15 12:04:14 | 000,069,810 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\FLMckUSB.sys -- (FLMCKUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/05 16:21:14 | 000,000,000 | ---D | M]
 
[2014/06/05 16:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/05 16:21:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/06/21 08:27:04 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Bitcasa] C:\Program Files\Bitcasa\BitcasaBoot.exe ()
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmcService] c:\Program Files\Sygate\SSA\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: d:\data\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk = C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE (Nortel Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O15 - HKLM\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([*.oak.fg] * in Local intranet)
O15 - HKLM\..Trusted Domains: rbc.com ([mis.fg] https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbc.com ([pmtprojectserver.fg] http in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: rbccm.com ([crm] * in Local intranet)
O15 - HKLM\..Trusted Domains: royalbank.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rbc.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: royalbank.com ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oak.fg.rbc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7CDD4B1-2448-4BD0-9C0C-A8E2B9BEF111}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINNT\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINNT\System32\tphklock.dll ()
O21 - SSODL: EldosMountNotificator-cbfs5 - {2FDAFB24-B169-4275-A542-BBBF7E571352} - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {2FDAFB24-B169-4275-A542-BBBF7E571352} - Virtual Storage Mount Notification - C:\WINNT\system32\cbfsMntNtf5.dll (EldoS Corporation)
O24 - Desktop BackupWallPaper: C:\WINNT\RBCVGA.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/18 12:01:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/21 10:36:41 | 000,000,000 | ---D | C] -- C:\WINNT\Temp
[2014/06/21 10:33:26 | 000,000,000 | ---D | C] -- d:\data\All Users\Application Data\Yahoo!
[2014/06/21 08:56:56 | 001,016,261 | ---- | C] (Thisisu) -- d:\data\administrator.3YFK943Z\Desktop\JRT.exe
[2014/06/21 08:54:39 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/06/21 06:59:17 | 000,000,000 | ---D | C] -- d:\data\administrator.3YFK943Z\Local Settings\Application Data\PCHealth
[2014/06/21 03:05:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/06/19 16:47:56 | 000,000,000 | ---D | C] -- C:\WINNT\ie8updates
[2014/06/19 16:21:37 | 000,000,000 | ---D | C] -- d:\data\administrator.3YFK943Z\Application Data\vlc
[2014/06/18 17:05:08 | 000,000,000 | ---D | C] -- C:\WINNT\System32\PreInstall
[2014/06/18 16:36:50 | 000,000,000 | ---D | C] -- d:\data\All Users\Start Menu\Programs\Bitcasa
[2014/06/18 16:36:49 | 000,157,480 | ---- | C] (EldoS Corporation) -- C:\WINNT\System32\cbfsMntNtf5.dll
[2014/06/18 16:36:48 | 000,346,688 | ---- | C] (EldoS Corporation) -- C:\WINNT\System32\drivers\cbfs5.sys
[2014/06/18 16:36:48 | 000,219,944 | ---- | C] (EldoS Corporation) -- C:\WINNT\System32\cbfsNetRdr5.dll
[2014/06/18 16:36:48 | 000,009,000 | ---- | C] (EldoS Corporation) -- C:\WINNT\System32\elevtmsg.dll
[2014/06/18 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bitcasa
[2014/06/18 13:34:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\data\administrator.3YFK943Z\Desktop\OTL.exe
[2014/06/18 13:34:35 | 000,000,000 | ---D | C] -- d:\data\administrator.3YFK943Z\My Documents\Downloads
[2014/06/18 13:30:49 | 000,000,000 | ---D | C] -- d:\data\administrator.3YFK943Z\Local Settings\Application Data\Google
[2014/06/18 13:30:48 | 000,000,000 | -HSD | C] -- d:\data\administrator.3YFK943Z\IETldCache
[2014/06/18 13:02:55 | 000,000,000 | ---D | C] -- d:\data\All Users\Start Menu\Programs\Google Chrome
[2014/06/05 16:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/21 15:33:15 | 000,000,880 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/21 15:32:34 | 000,000,958 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012UA.job
[2014/06/21 15:32:34 | 000,000,884 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/21 15:32:34 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2014/06/21 12:06:49 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2014/06/21 10:14:38 | 000,024,064 | ---- | M] () -- C:\WINNT\zoek-delete.exe
[2014/06/21 10:00:00 | 000,000,906 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-3510421623-2965073675-2411060337-1012Core.job
[2014/06/21 08:56:54 | 001,016,261 | ---- | M] (Thisisu) -- d:\data\administrator.3YFK943Z\Desktop\JRT.exe
[2014/06/21 08:54:23 | 001,285,120 | ---- | M] () -- d:\data\administrator.3YFK943Z\Desktop\zoek.exe
[2014/06/21 08:32:50 | 001,333,465 | ---- | M] () -- d:\data\administrator.3YFK943Z\Desktop\AdwCleaner.exe
[2014/06/21 08:27:04 | 000,000,098 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
[2014/06/21 08:15:41 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2014/06/21 03:16:24 | 000,146,808 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2014/06/21 03:10:16 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2014/06/21 03:06:44 | 000,495,970 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2014/06/21 03:06:44 | 000,091,828 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2014/06/20 20:36:43 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2014/06/19 16:22:21 | 000,003,584 | ---- | M] () -- d:\data\administrator.3YFK943Z\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/18 16:49:17 | 000,001,277 | ---- | M] () -- d:\data\All Users\Desktop\Bitcasa Infinite Drive.lnk
[2014/06/18 13:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\data\administrator.3YFK943Z\Desktop\OTL.exe
[2014/06/18 13:31:29 | 000,001,696 | ---- | M] () -- d:\data\administrator.3YFK943Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/18 13:30:55 | 000,000,692 | ---- | M] () -- d:\data\administrator.3YFK943Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/18 13:30:46 | 000,000,008 | RHS- | M] () -- d:\data\administrator.3YFK943Z\ntuser.pol
[2014/06/18 13:02:55 | 000,001,696 | ---- | M] () -- d:\data\All Users\Desktop\Google Chrome.lnk
[2014/06/18 12:52:11 | 000,002,101 | ---- | M] () -- d:\data\All Users\Desktop\Safari.lnk
 
========== Files Created - No Company Name ==========
 
[2014/06/21 10:36:43 | 000,024,064 | ---- | C] () -- C:\WINNT\zoek-delete.exe
[2014/06/21 08:54:35 | 001,285,120 | ---- | C] () -- d:\data\administrator.3YFK943Z\Desktop\zoek.exe
[2014/06/21 08:33:09 | 001,333,465 | ---- | C] () -- d:\data\administrator.3YFK943Z\Desktop\AdwCleaner.exe
[2014/06/19 16:22:21 | 000,003,584 | ---- | C] () -- d:\data\administrator.3YFK943Z\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/18 16:36:50 | 000,001,277 | ---- | C] () -- d:\data\All Users\Desktop\Bitcasa Infinite Drive.lnk
[2014/06/18 13:30:50 | 000,001,696 | ---- | C] () -- d:\data\administrator.3YFK943Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/18 13:02:55 | 000,001,696 | ---- | C] () -- d:\data\All Users\Desktop\Google Chrome.lnk
[2014/06/18 12:55:50 | 000,000,884 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/18 12:55:50 | 000,000,880 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/02 16:35:20 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2013/04/02 16:35:19 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2013/04/02 16:35:18 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2013/04/02 16:35:18 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2013/04/02 16:35:18 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2013/03/30 20:35:14 | 000,015,616 | ---- | C] () -- C:\WINNT\System32\drivers\TrueSight.sys
[2012/07/12 20:58:49 | 000,558,133 | ---- | C] () -- C:\WINNT\System32\sqlite3.dll
[2010/01/15 22:16:55 | 000,006,954 | RHS- | C] () -- d:\data\All Users\ntuser.pol
[2009/09/21 09:36:09 | 000,000,008 | RHS- | C] () -- d:\data\administrator.3YFK943Z\ntuser.pol
[2009/09/21 09:36:08 | 000,000,118 | ---- | C] () -- d:\data\administrator.3YFK943Z\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2007/03/20 16:47:16 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 01:35:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:01:53 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008/07/14 19:57:39 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Bloomberg
[2009/04/25 19:16:19 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\iPass
[2010/02/05 16:38:28 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\LiquidTechnologies
[2007/03/20 17:15:11 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Network Associates
[2014/05/13 10:21:21 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\pastaleads
[2013/05/16 11:16:08 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\Price Check by AOL
[2014/05/13 10:26:04 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\TEMP
[2010/02/05 16:38:09 | 000,000,000 | -H-D | M] -- d:\data\All Users\Application Data\{1E2473C2-7307-4952-8F94-5AFE8309DF4D}
[2009/06/17 14:12:31 | 000,000,000 | ---D | M] -- d:\data\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
< End of report >
 
All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
No active process named CltMngSvc.exe was found!
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe moved successfully.
No active process named nuttkoqiez32.exe was found!
Service nuttkoqiez32 stopped successfully!
Service nuttkoqiez32 deleted successfully!
C:\Program Files\003\nuttkoqiez32.exe moved successfully.
No active process named PastaLeadsWinApp.exe was found!
d:\data\All Users\Start Menu\Programs\Startup\PastaQuotes.lnk moved successfully.
C:\Program Files\pastaleads\PastaLeadsWinApp.exe moved successfully.
Service PsaSrv stopped successfully!
Service PsaSrv deleted successfully!
File C:\WINNT\system32\PsaSrv.exe not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88930F23-C135-089C-994A-2F4A1EE03F77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88930F23-C135-089C-994A-2F4A1EE03F77}\ deleted successfully.
d:\data\All Users\Application Data\SAAvErrAddon\KBJqEAtVe.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
========== FILES ==========
C:\Program Files\pastaleads folder moved successfully.
C:\Program Files\003 folder moved successfully.
========== COMMANDS ==========
C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 3993322 bytes
->Temporary Internet Files folder emptied: 70819 bytes
->FireFox cache emptied: 111026944 bytes
->Google Chrome cache emptied: 6749751 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4579 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: administrator.3YFK943Z
->Temp folder emptied: 6332623 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 231479594 bytes
->Flash cache emptied: 607 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 33601 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: rainmaker
->Temp folder emptied: 55212450 bytes
->Temporary Internet Files folder emptied: 3167422 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 122541703 bytes
->Google Chrome cache emptied: 57955778 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 607 bytes
 
User: sserebre
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: stozin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Testing
 
User: tmaloof
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: tpritcha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: wksbuild
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4876443 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 38832982 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 26179120 bytes
 
Total Files Cleaned = 638.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06212014_082655
 
Files\Folders moved on Reboot...
File\Folder d:\data\rainmaker\Local Settings\Temp\Temporary Internet Files\Content.IE5\7RO0CTSF\4ICAPH4OWLCA3FZWJQCANTJPQNCAGTOVAPCA1RY7CSCA95S30ECACB3MAMCAUQ9VNXCAB9WT2YCAMFY77TCASMWE08CA3CLAHECAXBPA4NCAR8Q5UHCAMG2OIQCAUYSQWHCAVKAIHUCAGE2BYMCAA7EE50CAPJT8G5CA842F2BCANJOVT9 not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

  • 0
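The OTL fix log above is raw tool output. As an added example (not part of this thread and not OTL's own code), here is a small Python summariser for that log format: it pulls out the registry entries OTL deleted or reported as not found, the folders it moved, whether the HOSTS file was reset, and the bytes emptied per user profile, and it flags browser add-on references (IE Toolbar/Extensions entries) whose CLSID key was already missing, i.e. dangling references to a component that was no longer registered. The embedded log is a constructed excerpt in OTL's format with placeholder GUIDs and paths, and the regular expressions are my reading of the line shapes shown in the log above, not an OTL specification.

```python
"""Summarise an OTL fix log (added example, not OTL's own code)."""
import re
from collections import defaultdict

# Constructed excerpt in the OTL fix-log format. GUIDs and paths are placeholders.
SAMPLE_LOG = r"""
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{11111111-1111-1111-1111-111111111111} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{22222222-2222-2222-2222-222222222222}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\ deleted successfully.
========== FILES ==========
C:\Program Files\example-adware folder moved successfully.
========== COMMANDS ==========
C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 1000 bytes
->Google Chrome cache emptied: 2000 bytes

User: rainmaker
->Temp folder emptied: 500 bytes

Windows Temp folder emptied: 250 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_RE = re.compile(r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$")
MOVED_RE = re.compile(r"^(.+?) (?:folder |file )?moved successfully\.$")
USER_RE = re.compile(r"^User: (.+)$")
BYTES_RE = re.compile(r"^(?:->)?(.+?) (?:emptied|removed): (\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")


def dangling_browser_references(registry):
    """GUIDs whose IE Toolbar/Extensions reference was deleted while the
    CLSID key that should register the component was already absent."""
    referenced, missing = set(), set()
    for _kind, path, outcome in registry:
        match = GUID_RE.search(path)
        if not match:
            continue
        guid = match.group(0).lower()
        is_clsid = "\\classes\\clsid\\" in path.lower()
        if is_clsid and outcome == "not found":
            missing.add(guid)
        elif not is_clsid and outcome == "deleted successfully":
            referenced.add(guid)
    return sorted(referenced & missing)


def parse_otl_fix_log(text):
    """Return a dict describing the actions recorded in an OTL fix log."""
    registry = []                 # (kind, path, outcome) tuples
    moved = []                    # files/folders OTL moved to its quarantine
    bytes_by_user = defaultdict(int)
    user = "<system>"             # "->" lines belong to the current User: block
    hosts_reset = False
    reported_mb = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := REG_RE.match(line):
            registry.append((m.group(1), m.group(2), m.group(3)))
        elif m := MOVED_RE.match(line):
            moved.append(m.group(1))
        elif line.startswith("HOSTS file reset successfully"):
            hosts_reset = True
        elif m := USER_RE.match(line):
            user = m.group(1)
        elif m := BYTES_RE.match(line):
            # per-user lines start with "->"; machine-wide lines (Windows Temp,
            # RecycleBin, .tmp sweeps) do not and are booked under <system>
            target = user if line.startswith("->") else "<system>"
            bytes_by_user[target] += int(m.group(2))
        elif m := TOTAL_RE.match(line):
            reported_mb = float(m.group(1))
    total_bytes = sum(bytes_by_user.values())
    return {
        "registry": registry,
        "dangling_browser_references": dangling_browser_references(registry),
        "moved": moved,
        "hosts_reset": hosts_reset,
        "bytes_by_user": dict(bytes_by_user),
        "total_bytes": total_bytes,
        "computed_mb": total_bytes / (1024 * 1024),
        "reported_mb": reported_mb,
    }


if __name__ == "__main__":
    report = parse_otl_fix_log(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The dangling-reference check is the part worth keeping an eye on when reading a real log: a Toolbar or Extensions entry that was removed while its CLSID key was "not found" means the browser was still being pointed at a component that was no longer registered, so removing the reference was the right call even though there was no DLL left to unregister. The computed MB figure uses 1024-based units and is only for a rough comparison with OTL's own total, since OTL also counts cleanup not itemised per line.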

#6
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, here are your next steps.

 

Security Check

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download Malwarebytes' Anti-Malware

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Threat Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

 

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use, then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install.
  • Make sure that the option Remove found threats is unticked
  • If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close. Make sure you copy the logfile first! It is located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Then paste the Logfile in the thread
  • Then click on: Finish

To summarize, please post back the Security Check log, ESET log and the MBAM log.


  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0