[Essexboy]

DESKTOP XP

Doesn't look to bad actually, how is it running

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (no name) - {a3bc75a2-1f87-4686-aa43-5347d756017c} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: dcomcfg.exe = dcomcfg.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2) 
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02) 
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05) 

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[Advertisements]

Desktop seems to be running ok. Here is latest log:

 

OTL logfile created on: 7/29/2014 11:26:13 AM - Run 6

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.36% Memory free

3.32 Gb Paging File | 2.40 Gb Available in Paging File | 72.34% Paging File free

Paging file location(s): C:\pagefile.sys 1519 2048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 182.02 Gb Total Space | 117.34 Gb Free Space | 64.47% Space Free | Partition Type: NTFS

Drive D: | 4.27 Gb Total Space | 1.68 Gb Free Space | 39.27% Space Free | Partition Type: FAT32

 

Computer Name: LAUNDRYROOM | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

PRC - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe (TalkAndWrite)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\zHotkey.exe ()

PRC - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe (Executive Software International, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Alwil Software\Avast5\defs\14072900\algo.dll ()

MOD - C:\Program Files\Alwil Software\Avast5\libcef.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

MOD - C:\Program Files\Flip Video\FlipShare\Core.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\qca2.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtXml4.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtGui4.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtCore4.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtSql4.dll ()

MOD - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

MOD - C:\WINDOWS\system32\emfxp.dll ()

MOD - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\minidoc2img.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - C:\WINDOWS\zHotkey.exe ()

MOD - C:\WINDOWS\HKNTDLL.dll ()

 

 

========== Services (SafeList) ==========

 

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

SRV - (Diskeeper) -- C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe (Executive Software International, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (hpn) -- system32\DRIVERS\hpn.sys File not found

DRV - (Changer) --  File not found

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)

DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)

DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()

DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd.                                               )

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcas...cat=Web&con=ie7

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC

IE - HKCU\..\SearchScopes\{F0EDC05C-6B1C-4BBA-AD00-99CD757BCCA5}: "URL" = http://www.google.co...&rlz=1I7GPEA_en

IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}

IE - HKCU\..\SearchScopes\ComcastSearch: "URL" = http://search.comcas...cat=Web&con=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/10/16 23:42:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/23 07:15:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/23 07:15:07 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 03:36:14 | 000,010,691 | ---- | M] ()

 

[2009/06/18 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2014/06/23 07:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2014/06/23 07:15:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2014/06/23 07:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2014/06/23 07:15:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2014/06/23 07:15:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

========== Chrome  ==========

 

CHR - default_search_provider:  (Enabled)

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\

CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

 

O1 HOSTS File: ([2014/07/29 11:06:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (no name) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (no name) - {a3bc75a2-1f87-4686-aa43-5347d756017c} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)

O4 - HKLM..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe (TalkAndWrite)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)

O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://update.micros...b?1245386745984 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-03.su...ows-i586-jc.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{504A8F1A-9B2E-4E6B-9EE0-3B737A56B074}: DhcpNameServer = 10.0.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Coffee Bean.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Coffee Bean.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]

O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

O33 - MountPoints2\{70183eaf-ed4e-11de-9f17-0013200f8fed}\Shell - "" = AutoRun

O33 - MountPoints2\{70183eaf-ed4e-11de-9f17-0013200f8fed}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{70183eaf-ed4e-11de-9f17-0013200f8fed}\Shell\AutoRun\command - "" = K:\Photo_Viewer.exe

O33 - MountPoints2\{90695356-7f0b-11df-9f2f-0013200f8fed}\Shell - "" = AutoRun

O33 - MountPoints2\{90695356-7f0b-11df-9f2f-0013200f8fed}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{90695356-7f0b-11df-9f2f-0013200f8fed}\Shell\AutoRun\command - "" = K:\LaunchU3.exe

O33 - MountPoints2\{ffd0a906-8b3a-11e0-9f6f-0013200f8fed}\Shell\AutoRun\command - "" = K:\Setup_FlipShare.exe

O33 - MountPoints2\{ffd0a906-8b3a-11e0-9f6f-0013200f8fed}\Shell\Setup FlipShare\command - "" = K:\Setup_FlipShare.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/07/29 11:01:47 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/07/29 08:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2014/07/29 07:42:50 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/07/29 07:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/07/29 07:36:09 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/07/29 07:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2014/07/29 07:24:29 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll

[2014/07/29 07:23:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/07/29 07:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Old Firefox Data

[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/07/29 11:23:45 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/07/29 11:22:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/07/29 11:22:40 | 2136,825,856 | -HS- | M] () -- C:\hiberfil.sys

[2014/07/29 11:18:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2014/07/29 11:06:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2014/07/29 10:51:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/07/29 08:55:49 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys

[2014/07/29 08:53:54 | 000,001,720 | ---- | M] () -- C:\WINDOWS\System32\.crusader

[2014/07/29 07:36:17 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2014/07/28 12:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2014/07/28 09:57:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2014/07/25 10:58:31 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Classic or Deluxe Manicures.msg

[2014/07/25 10:58:31 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Supercharge Your Weekend at Regal City Center Stadium 12.msg

[2014/07/25 10:58:31 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Don't Miss our Summer Sale & Clearance  Up to 80% Off.msg

[2014/07/25 10:58:31 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Love Of Turquoise + Take $5 Off! Open For Details.msg

[2014/07/25 10:58:31 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Daedalic and Telltale titles up to 90% off  GOG com goes Linux!.msg

[2014/07/25 10:58:30 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Additional Savings on Dura Cabinet Storage Systems  Cruises  Window Treatments and More!.msg

[2014/07/25 10:58:29 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Extra 10% Off Local Cultural Attractions.msg

[2014/07/25 10:58:29 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Triathlon Sale - Save Up to 50% on Westsuit & Clothing!.msg

[2014/07/24 20:27:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2014/07/19 08:33:36 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word 2010.lnk

[2014/07/19 06:38:52 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2014/07/18 11:29:01 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2014/07/08 19:00:50 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job

[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/07/29 08:55:49 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys

[2014/07/29 08:53:54 | 000,001,720 | ---- | C] () -- C:\WINDOWS\System32\.crusader

[2014/07/25 10:58:31 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Classic or Deluxe Manicures.msg

[2014/07/25 10:58:31 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Supercharge Your Weekend at Regal City Center Stadium 12.msg

[2014/07/25 10:58:31 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Don't Miss our Summer Sale & Clearance  Up to 80% Off.msg

[2014/07/25 10:58:31 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Love Of Turquoise + Take $5 Off! Open For Details.msg

[2014/07/25 10:58:31 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Daedalic and Telltale titles up to 90% off  GOG com goes Linux!.msg

[2014/07/25 10:58:30 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Additional Savings on Dura Cabinet Storage Systems  Cruises  Window Treatments and More!.msg

[2014/07/25 10:58:29 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Extra 10% Off Local Cultural Attractions.msg

[2014/07/25 10:58:29 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Triathlon Sale - Save Up to 50% on Westsuit & Clothing!.msg

[2013/03/19 21:50:24 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/03/19 21:50:23 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2011/12/08 13:54:54 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

[2008/07/16 10:47:03 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/20 11:49:19 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2006/01/28 07:40:48 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

 

========== ZeroAccess Check ==========

 

[2005/02/14 18:21:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/11/13 20:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2010/07/25 22:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2013/10/16 23:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/09/25 13:52:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/09/25 14:02:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP

[2011/10/25 21:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ

[2012/09/30 13:24:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2013/02/25 22:35:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX

[2011/09/25 14:02:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2

[2011/09/25 13:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup

[2011/09/25 14:02:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2014/07/11 14:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM

[2011/10/25 18:45:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2011/09/25 14:02:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX

[2011/09/25 13:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt

[2008/07/12 08:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast

[2011/05/30 21:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video

[2014/07/29 08:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2010/06/23 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2009/06/19 13:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2012/01/10 22:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2013/10/18 03:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software

[2009/10/18 06:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Green Book

[2011/10/25 18:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon

[2011/09/25 13:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX

[2010/12/06 23:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JacquieLawsonAdventCalendar

[2011/12/02 21:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JLAdventCalendarLondon2011

[2011/12/09 16:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2005/02/14 18:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2011/12/08 13:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template

 

========== Purity Check ==========

 

 

 

< End of report >

[cinster]

Desktop seems to be running ok. Here is latest log:

 

OTL logfile created on: 7/29/2014 11:26:13 AM - Run 6

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.36% Memory free

3.32 Gb Paging File | 2.40 Gb Available in Paging File | 72.34% Paging File free

Paging file location(s): C:\pagefile.sys 1519 2048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 182.02 Gb Total Space | 117.34 Gb Free Space | 64.47% Space Free | Partition Type: NTFS

Drive D: | 4.27 Gb Total Space | 1.68 Gb Free Space | 39.27% Space Free | Partition Type: FAT32

 

Computer Name: LAUNDRYROOM | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

PRC - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe (TalkAndWrite)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\zHotkey.exe ()

PRC - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe (Executive Software International, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Alwil Software\Avast5\defs\14072900\algo.dll ()

MOD - C:\Program Files\Alwil Software\Avast5\libcef.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

MOD - C:\Program Files\Flip Video\FlipShare\Core.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\qca2.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtXml4.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtGui4.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtCore4.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\QtSql4.dll ()

MOD - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

MOD - C:\WINDOWS\system32\emfxp.dll ()

MOD - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\minidoc2img.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - C:\WINDOWS\zHotkey.exe ()

MOD - C:\WINDOWS\HKNTDLL.dll ()

 

 

========== Services (SafeList) ==========

 

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

SRV - (Diskeeper) -- C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe (Executive Software International, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (hpn) -- system32\DRIVERS\hpn.sys File not found

DRV - (Changer) --  File not found

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)

DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)

DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()

DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd.                                               )

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcas...cat=Web&con=ie7

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC

IE - HKCU\..\SearchScopes\{F0EDC05C-6B1C-4BBA-AD00-99CD757BCCA5}: "URL" = http://www.google.co...&rlz=1I7GPEA_en

IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}

IE - HKCU\..\SearchScopes\ComcastSearch: "URL" = http://search.comcas...cat=Web&con=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/10/16 23:42:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/23 07:15:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/23 07:15:07 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 03:36:14 | 000,010,691 | ---- | M] ()

 

[2009/06/18 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2014/06/23 07:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2014/06/23 07:15:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2014/06/23 07:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2014/06/23 07:15:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2014/06/23 07:15:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

========== Chrome  ==========

 

CHR - default_search_provider:  (Enabled)

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\

CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

 

O1 HOSTS File: ([2014/07/29 11:06:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (no name) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (no name) - {a3bc75a2-1f87-4686-aa43-5347d756017c} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)

O4 - HKLM..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe (TalkAndWrite)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)

O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://update.micros...b?1245386745984 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-03.su...ows-i586-jc.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{504A8F1A-9B2E-4E6B-9EE0-3B737A56B074}: DhcpNameServer = 10.0.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Coffee Bean.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Coffee Bean.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]

O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

O33 - MountPoints2\{70183eaf-ed4e-11de-9f17-0013200f8fed}\Shell - "" = AutoRun

O33 - MountPoints2\{70183eaf-ed4e-11de-9f17-0013200f8fed}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{70183eaf-ed4e-11de-9f17-0013200f8fed}\Shell\AutoRun\command - "" = K:\Photo_Viewer.exe

O33 - MountPoints2\{90695356-7f0b-11df-9f2f-0013200f8fed}\Shell - "" = AutoRun

O33 - MountPoints2\{90695356-7f0b-11df-9f2f-0013200f8fed}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{90695356-7f0b-11df-9f2f-0013200f8fed}\Shell\AutoRun\command - "" = K:\LaunchU3.exe

O33 - MountPoints2\{ffd0a906-8b3a-11e0-9f6f-0013200f8fed}\Shell\AutoRun\command - "" = K:\Setup_FlipShare.exe

O33 - MountPoints2\{ffd0a906-8b3a-11e0-9f6f-0013200f8fed}\Shell\Setup FlipShare\command - "" = K:\Setup_FlipShare.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/07/29 11:01:47 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/07/29 08:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2014/07/29 07:42:50 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/07/29 07:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/07/29 07:36:09 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/07/29 07:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2014/07/29 07:24:29 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll

[2014/07/29 07:23:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/07/29 07:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Old Firefox Data

[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/07/29 11:23:45 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/07/29 11:22:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/07/29 11:22:40 | 2136,825,856 | -HS- | M] () -- C:\hiberfil.sys

[2014/07/29 11:18:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2014/07/29 11:06:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2014/07/29 10:51:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/07/29 08:55:49 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys

[2014/07/29 08:53:54 | 000,001,720 | ---- | M] () -- C:\WINDOWS\System32\.crusader

[2014/07/29 07:36:17 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2014/07/28 12:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2014/07/28 09:57:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2014/07/25 10:58:31 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Classic or Deluxe Manicures.msg

[2014/07/25 10:58:31 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Supercharge Your Weekend at Regal City Center Stadium 12.msg

[2014/07/25 10:58:31 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Don't Miss our Summer Sale & Clearance  Up to 80% Off.msg

[2014/07/25 10:58:31 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Love Of Turquoise + Take $5 Off! Open For Details.msg

[2014/07/25 10:58:31 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Daedalic and Telltale titles up to 90% off  GOG com goes Linux!.msg

[2014/07/25 10:58:30 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Additional Savings on Dura Cabinet Storage Systems  Cruises  Window Treatments and More!.msg

[2014/07/25 10:58:29 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Extra 10% Off Local Cultural Attractions.msg

[2014/07/25 10:58:29 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Triathlon Sale - Save Up to 50% on Westsuit & Clothing!.msg

[2014/07/24 20:27:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2014/07/19 08:33:36 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word 2010.lnk

[2014/07/19 06:38:52 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2014/07/18 11:29:01 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2014/07/08 19:00:50 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job

[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/07/29 08:55:49 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys

[2014/07/29 08:53:54 | 000,001,720 | ---- | C] () -- C:\WINDOWS\System32\.crusader

[2014/07/25 10:58:31 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Classic or Deluxe Manicures.msg

[2014/07/25 10:58:31 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Supercharge Your Weekend at Regal City Center Stadium 12.msg

[2014/07/25 10:58:31 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Don't Miss our Summer Sale & Clearance  Up to 80% Off.msg

[2014/07/25 10:58:31 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Love Of Turquoise + Take $5 Off! Open For Details.msg

[2014/07/25 10:58:31 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Daedalic and Telltale titles up to 90% off  GOG com goes Linux!.msg

[2014/07/25 10:58:30 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Additional Savings on Dura Cabinet Storage Systems  Cruises  Window Treatments and More!.msg

[2014/07/25 10:58:29 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Extra 10% Off Local Cultural Attractions.msg

[2014/07/25 10:58:29 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Triathlon Sale - Save Up to 50% on Westsuit & Clothing!.msg

[2013/03/19 21:50:24 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/03/19 21:50:23 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2011/12/08 13:54:54 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

[2008/07/16 10:47:03 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/20 11:49:19 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2006/01/28 07:40:48 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

 

========== ZeroAccess Check ==========

 

[2005/02/14 18:21:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/11/13 20:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2010/07/25 22:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2013/10/16 23:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/09/25 13:52:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/09/25 14:02:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP

[2011/10/25 21:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ

[2012/09/30 13:24:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2013/02/25 22:35:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX

[2011/09/25 14:02:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2

[2011/09/25 13:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup

[2011/09/25 14:02:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2014/07/11 14:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM

[2011/10/25 18:45:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2011/09/25 14:02:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX

[2011/09/25 13:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt

[2008/07/12 08:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast

[2011/05/30 21:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video

[2014/07/29 08:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2010/06/23 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2009/06/19 13:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2012/01/10 22:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2013/10/18 03:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software

[2009/10/18 06:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Green Book

[2011/10/25 18:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon

[2011/09/25 13:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX

[2010/12/06 23:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JacquieLawsonAdventCalendar

[2011/12/02 21:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JLAdventCalendarLondon2011

[2011/12/09 16:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2005/02/14 18:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2011/12/08 13:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template

 

========== Purity Check ==========

 

 

 

< End of report >

[cinster]

On laptop - I am not able to get CryptoPrevent to run. I downloaded installer and when I start it up I get the User Account Control window. I say yes to allow and it just goes away. Any idea what I've done wrong - or is it some kind of compatibility issue?

[Essexboy]

Could you right click the programme and select "Run as Administrator "

[cinster]

Yes - tried that with same result

[Essexboy]

Hmm second time I have come across this... I will have a look and see what I can find out

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.