
Some kind of virus? Ads, computer freezes, etc. [Closed]



#1
Alyssachu


Hey all, it's been years. Hope I'm doing this right. :unsure: 

 

You guys have helped me in the past with a terrible ol' virus I had on my old desktop computer years ago. Well, I seem to have a problem. Let me rephrase that…my FRIEND has a problem. Her roommate brought a bunch of malware onto her laptop months ago and, being the not-so-tech-savvy person she is, she didn't do anything about it and it has gotten worse and worse. Fake ads popping up, computer slowing down, computer freezing, etc. It got to the point where it would freeze on start-up, so I finally grabbed her computer and took it home with me to try and fix. I scanned it under Safe Mode with Malwarebytes, which helped a lot- About 61 threats were removed. Rebooted --> Still acting wonky. So then I download Spybot, and Spybot removes over 100 threats. Geeze. This was a few days ago. The computer is faster and it actually starts up now, but it's still freezing after logging in (Safe Mode is fine, obviously). Looks like there is a bunch of crap in the HT log… Help me out please?

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:34:40 PM, on 9/23/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
 
FIREFOX: 20.0.1 (en-US)
Boot mode: Safe mode with network support
 
Running processes:
F:\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...670,0,GC37,7635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1088;https=127.0.0.1:1088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [ContentExplorer] "C:\Users\panerabitch\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: SoftwareUpdater.lnk = C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{57CE0F66-79E4-4A10-88BC-AF36F7C7817D}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Dyyno Service (Dyyno Launcher) - Unknown owner - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NewPlayer Updater Service (NewPlayerUpdaterService) - Unknown owner - C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 14622 bytes
 



#2
DonnaB

Hi Alyssachu,

I'd be more than happy to help you out! :)

We do not use HijackThis anymore (well, a majority of us don't) since more computers are now shipped with 64-bit versions of Windows installed. HJT is a 32-bit diagnostic tool and when running HJT on a 64-bit environment, it gives you a misleading report. This is most relevant when you look at the services section (O23s), it displays that the files are missing when in reality they are not.

Do you still have the Malwarebytes log? Please post that log for me to review what was removed.

For the moment, uninstall Spybot Search and Destroy. It can interfere with some of our tools.... :)

First, let's see what Adware Cleaner will remove concerning the adware.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • The contents of the scan results may be confusing. If you see a program name that you know should not be removed, uncheck the results and please let me know about it.
  • Click the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Next:

Let's get a scan from a diagnostic tool that is compatible and see what it displays.

See if you can boot to normal mode to do this scan. If not, it can be run in Safe Mode with Networking:

Please download OTL to your Desktop
  • Double click on the OTL icon to run the program. On Vista/Win7 or 8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.

In your next reply, please post the following logs:


C:\AdwCleaner\AdwCleaner[S0].txt
OTL.txt
Extras.txt


Thank you,
Donna :)
  • 0
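
Added example (not part of the original thread or of any tool mentioned in it): the misleading "file missing" results described in post #2 come from WOW64 file system redirection, where a 32-bit process that opens a path under C:\Windows\System32 is served from SysWOW64 instead. The Python sketch below triages HijackThis "missing" entries on that basis; the sample lines are copied from the log in post #1, while the 64-bit heuristic, the C:\Windows install path and the verdict names are assumptions of this example.

```python
import re

# System32 subdirectories exempt from WOW64 redirection (per Microsoft's
# file system redirector documentation); 32-bit tools see the real files there.
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc", "logfiles", "spool")

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O23 - Service: ..."
MISSING = re.compile(r"\((?:file missing|no file)\)\s*$")
# First drive-letter path in the entry, up to the trailing "(file missing)".
PATH = re.compile(r'([A-Za-z]:\\[^"]*?)"?\s*\(file missing\)\s*$')
# Assumption: Windows is installed in <drive>:\Windows.
SYS32 = re.compile(r"^[a-z]:\\windows\\system32\\(.*)$", re.IGNORECASE)


def is_64bit_log(lines):
    """Heuristic (assumption): these directories only exist on 64-bit Windows."""
    return any("syswow64" in l.lower() or "program files (x86)" in l.lower()
               for l in lines)


def redirected(path):
    """True if a 32-bit process opening this path is sent to SysWOW64."""
    m = SYS32.match(path)
    if not m:
        return False
    rest = m.group(1).lower()
    return not any(rest == d or rest.startswith(d + "\\") for d in EXEMPT)


def triage(log_text):
    """Return (section, verdict, path) for every entry reported as missing.

    verdict "wow64-artifact": 64-bit system and the path is redirected, so the
                              32-bit scanner looked in SysWOW64, not System32.
    verdict "verify":         anything else; confirm with a 64-bit-aware tool.
    """
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    wow64 = is_64bit_log(lines)
    findings = []
    for line in lines:
        m = ENTRY.match(line)
        if not m or not MISSING.search(line):
            continue
        p = PATH.search(m.group(2))
        path = p.group(1) if p else None   # "(no file)" entries carry no path
        if wow64 and path and redirected(path):
            verdict = "wow64-artifact"
        else:
            verdict = "verify"
        findings.append((m.group(1), verdict, path))
    return findings


# Sample lines copied from the HijackThis log in post #1.
SAMPLE = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

if __name__ == "__main__":
    for section, verdict, path in triage(SAMPLE):
        print(f"{section:4} {verdict:15} {path or '(no path in entry)'}")
```

Entries marked "verify" are the ones worth a second look: the missing Bing Bar DLL and the nameless BHO are outside System32, so redirection does not explain them.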

#3
Alyssachu


Thank you so much. Had no idea you guys didn't use HT anymore.

Unfortunately I don't have the log from scanning with Malwarebytes last week…sorry.  :upset:

I had to scan in Safe Mode with networking (although for some reason the computer won't connect to the internet… says "connected" to my wifi but shows an X over the wifi bars).

I attached the logs to this post.


#4
DonnaB

Hi Alyssachu,

Thank you for the logs! :)

The free space on the C:\ drive is maxed out! We need at least 15-20% free space to work with here. See below:

Drive C: | 283.40 Gb Total Space | 10.87 Gb Free Space | 3.83% Space Free | Partition Type: NTFS

You're going to have to create more free space by uninstalling some files, etc. I'm not even sure the fix I have prepared below will work, but we can try. If not, uninstalling files to create that free space we need will be a must.

Also, I see no AV installed. That is a must, but we will worry about that after the fix and we get some free space created and this computer connected in normal mode.

The user name on the account that you are logged in on includes an expletive word that the forum's software will censor and bleep out. There is a file in that user account that needs to be removed, so I will need to attach the fix to my post below.

What I need you to do is to open OTL;
  • Copy and paste ALL of the contents of the fix.txt that is attached below into the Custom Scans/Fixes box at the bottom.
  • Click the Run Fix button at the top.
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Attached File  fix.txt   4.95KB   138 downloads

#5
Alyssachu


Thank you for the help. Yeah, there are a ton of games on her computer… I managed to free up about 15gb, and I apologize for her username. :P

 

I ran the quick scan. Do you want me to post the log that came up…?

Here's what was in the Moved Files:

All processes killed
 
========== COMMANDS ==========
 
Unable to start System Restore Service. Error code 1084
 
========== OTL ==========
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
 
HKU\S-1-5-21-480946883-1162494345-3413628172-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
 
HKU\S-1-5-21-480946883-1162494345-3413628172-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
 
HKU\S-1-5-21-480946883-1162494345-3413628172-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
 
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
 
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
 
Registry value HKEY_USERS\S-1-5-21-480946883-1162494345-3413628172-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
 
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
 
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
 
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
 
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
 
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
 
C:\Users\panerabitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
 
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
 
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
 
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
 
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
 
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
 
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
 
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
 
File Protocol\Handler\linkscanner - No CLSID value found not found.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
 
File Protocol\Handler\livecall - No CLSID value found not found.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
 
File Protocol\Handler\msnim - No CLSID value found not found.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
 
File Protocol\Handler\skype4com - No CLSID value found not found.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
 
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
 
C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job moved successfully.
 
C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job moved successfully.
 
C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job moved successfully.
 
C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job moved successfully.
 
C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job moved successfully.
 
C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job moved successfully.
 
========== FILES ==========
 
File\Folder C:\Windows\tasks\AVG-Secure-Search-Update_0214b_rmv.job not found.
 
File\Folder C:\Windows\tasks\AVG-Secure-Search-Update_0214b_rel.job not found.
 
File\Folder C:\Windows\tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job not found.
 
File\Folder C:\Windows\tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job not found.
 
File\Folder C:\Windows\tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job not found.
 
File\Folder C:\Windows\tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job not found.
 
< netsh int ip reset c:\resetlog.txt /c >
 
Reseting Global, OK!
 
Reseting Interface, OK!
 
Reseting Unicast Address, OK!
 
Reseting Route, OK!
 
Restart the computer to complete this action.
 
F:\cmd.bat deleted successfully.
 
F:\cmd.txt deleted successfully.
 
< ipconfig /flushdns /c >
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
F:\cmd.bat deleted successfully.
 
F:\cmd.txt deleted successfully.
 
< ipconfig /release /c >
 
Windows IP Configuration
 
No operation can be performed on Network Bridge while it has its media disconnected.
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
 
F:\cmd.bat deleted successfully.
 
F:\cmd.txt deleted successfully.
 
< ipconfig /renew /c >
 
Windows IP Configuration
 
No operation can be performed on Network Bridge while it has its media disconnected.
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
 
F:\cmd.bat deleted successfully.
 
F:\cmd.txt deleted successfully.
 
========== COMMANDS ==========
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
 
HOSTS file reset successfully
 
 
 
[EMPTYTEMP]
 
 
 
User: All Users
 
 
 
User: cdenholm
 
->Temp folder emptied: 899883146 bytes
 
->Temporary Internet Files folder emptied: 37637820 bytes
 
->Java cache emptied: 12050441 bytes
 
->FireFox cache emptied: 73024408 bytes
 
->Google Chrome cache emptied: 41949709 bytes
 
->Flash cache emptied: 3154396 bytes
 
 
 
User: Default
 
->Temp folder emptied: 0 bytes
 
->Temporary Internet Files folder emptied: 33170 bytes
 
->Flash cache emptied: 56502 bytes
 
 
 
User: Default User
 
->Temp folder emptied: 0 bytes
 
->Temporary Internet Files folder emptied: 0 bytes
 
->Flash cache emptied: 0 bytes
 
 
 
User: Guest
 
->Temp folder emptied: 23776105 bytes
 
->Temporary Internet Files folder emptied: 35983600 bytes
 
->Java cache emptied: 735 bytes
 
->FireFox cache emptied: 4513091 bytes
 
->Google Chrome cache emptied: 233465966 bytes
 
->Flash cache emptied: 26162 bytes
 
 
 
User: panerabitch
 
->Temp folder emptied: 6906276 bytes
 
->Temporary Internet Files folder emptied: 128 bytes
 
->Java cache emptied: 0 bytes
 
->Google Chrome cache emptied: 0 bytes
 
->Flash cache emptied: 57004 bytes
 
 
 
User: Phil
 
 
 
User: Public
 
 
 
%systemdrive% .tmp files removed: 0 bytes
 
%systemroot% .tmp files removed: 0 bytes
 
%systemroot%\System32 .tmp files removed: 0 bytes
 
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
 
%systemroot%\System32\drivers .tmp files removed: 0 bytes
 
Windows Temp folder emptied: 29869 bytes
 
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46486501 bytes
 
RecycleBin emptied: 0 bytes
 
 
 
Total Files Cleaned = 1,353.00 mb
 
 
 
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09252014_192120
 
 
 
Files\Folders moved on Reboot...
 
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
 
C:\Users\panerabitch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 
C:\Users\panerabitch\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#6
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts

I apologize for her username. :P

:geek:


I ran the quick scan. Do you want me to post the log that came up…?

Yes, please. I see I overlooked asking you to post when I posted above. My bad!! :D

See if the computer will boot in normal mode and if you can get it connected.

#7
Alyssachu


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 9/25/2014 7:54:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 70.75% Memory free
7.73 Gb Paging File | 6.62 Gb Available in Paging File | 85.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 25.51 Gb Free Space | 9.00% Space Free | Partition Type: NTFS
Drive D: | 6.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.76 Gb Total Space | 1.14 Gb Free Space | 30.43% Space Free | Partition Type: FAT32
 
Computer Name: CDENHOLM-PC | User Name: panerabitch | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/16 20:12:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2011/12/05 23:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/07/09 12:40:14 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/21 16:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 16:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2009/09/21 16:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/12 04:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2014/09/10 03:26:31 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/21 00:38:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/05 00:50:31 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/25 09:56:30 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/09/26 10:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/05/20 19:59:50 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/15 23:57:44 | 000,415,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2010/07/25 06:00:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/07/09 12:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/05/21 12:58:30 | 000,673,088 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/26 20:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 20:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 20:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 20:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/18 04:14:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/05 23:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/12/05 23:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 22:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/24 00:02:20 | 000,648,808 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/18 18:05:48 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/02/26 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/20 16:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/14 07:59:52 | 000,304,176 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/18 06:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/13 02:42:52 | 000,074,272 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 14:33:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/08/24 23:59:04 | 000,045,624 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp50.sys -- (PcaSp50)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{47595140-CDD5-46F0-B89F-823C36377106}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9F4A99A1-E7CA-465C-BC0F-139CD433045D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2730;https=127.0.0.1:2730
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2730;https=127.0.0.1:2730
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-480946883-1162494345-3413628172-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-480946883-1162494345-3413628172-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...670,0,GC37,7635
IE - HKU\S-1-5-21-480946883-1162494345-3413628172-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-480946883-1162494345-3413628172-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-480946883-1162494345-3413628172-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-480946883-1162494345-3413628172-1004\..\SearchScopes\{C8B5E233-4ACC-4B6A-808F-43BB793A0F9A}: "URL" = http://us.yhs4.searc...669,0,GC34,7635
IE - HKU\S-1-5-21-480946883-1162494345-3413628172-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/21 00:38:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/21 00:38:10 | 000,000,000 | ---D | M]
 
[2014/02/22 21:26:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/07/24 23:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/04/21 00:38:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/08/29 12:31:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/15 19:05:04 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\panerabitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_2\
CHR - Extension: No name found = C:\Users\panerabitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\panerabitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/09/25 19:21:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-480946883-1162494345-3413628172-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49E615A4-0F1A-4CD2-8B41-F800F02844E9}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57CE0F66-79E4-4A10-88BC-AF36F7C7817D}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F0231F-2AAF-41B7-93CA-F5335D584933}: DhcpNameServer = 192.168.200.1
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{001e77ca-352b-11e4-bb50-0026b9ed7216}\Shell - "" = AutoRun
O33 - MountPoints2\{001e77ca-352b-11e4-bb50-0026b9ed7216}\Shell\AutoRun\command - "" = F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/24 17:23:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/17 23:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014/09/17 22:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/09/17 22:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/09/17 20:14:21 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/17 20:13:53 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/17 20:13:53 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/17 20:13:53 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/17 20:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/17 20:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/01 18:13:09 | 000,000,000 | -HSD | C] -- C:\Users\panerabitch\AppData\Local\EmieUserList
[2014/09/01 18:13:09 | 000,000,000 | -HSD | C] -- C:\Users\panerabitch\AppData\Local\EmieSiteList
[2014/09/01 14:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/09/01 03:12:42 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/08/30 18:33:06 | 000,000,000 | ---D | C] -- C:\1c29c98221cf2f64d18bf6122a
[2014/08/30 17:52:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2014/08/30 03:16:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/08/30 03:15:40 | 000,000,000 | ---D | C] -- C:\b6f3d69ad5ed8a4f548b2e09952dc7
[2014/08/29 03:01:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2014/08/29 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2014/08/28 22:19:33 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2014/08/28 22:19:06 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[1 C:\Users\panerabitch\Documents\*.tmp files -> C:\Users\panerabitch\Documents\*.tmp -> ]
[1 C:\Users\panerabitch\Desktop\*.tmp files -> C:\Users\panerabitch\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/25 19:50:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/25 19:50:33 | 3111,550,976 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/25 19:48:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/25 19:48:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/25 19:47:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/25 19:41:21 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/25 19:36:19 | 000,930,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/25 19:36:19 | 000,215,884 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/25 19:36:19 | 000,006,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/25 19:21:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/09/23 18:01:04 | 000,280,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/23 17:31:26 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/18 00:06:38 | 000,005,037 | ---- | M] () -- C:\Windows\wininit.ini
[2014/09/17 20:54:54 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/17 20:50:22 | 000,000,000 | ---- | M] () -- C:\Users\panerabitch\AppData\Local\{AC6D42CE-5C55-4B64-943E-246A277C466A}
[2014/09/17 20:13:58 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/30 18:23:04 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/30 18:23:04 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/08/30 03:11:16 | 000,774,436 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Users\panerabitch\Documents\*.tmp files -> C:\Users\panerabitch\Documents\*.tmp -> ]
[1 C:\Users\panerabitch\Desktop\*.tmp files -> C:\Users\panerabitch\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/23 18:00:54 | 000,280,264 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/17 23:20:05 | 000,005,037 | ---- | C] () -- C:\Windows\wininit.ini
[2014/09/17 20:50:22 | 000,000,000 | ---- | C] () -- C:\Users\panerabitch\AppData\Local\{AC6D42CE-5C55-4B64-943E-246A277C466A}
[2014/09/17 20:13:58 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/30 18:23:04 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/30 18:23:04 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/08/28 22:20:36 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2014/08/28 22:18:42 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2014/08/28 22:18:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2014/08/28 22:18:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2014/08/28 22:18:10 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2014/02/09 21:14:48 | 000,002,763 | ---- | C] () -- C:\ProgramData\connector.swf
[2012/12/21 21:38:18 | 000,081,332 | ---- | C] () -- C:\Windows\SysWow64\bass.dll
[2011/06/18 06:54:29 | 000,011,534 | -HS- | C] () -- C:\ProgramData\l727u6qd31hn2kq7144hchw2vtw41c5d5b4omb
[2011/05/30 18:02:43 | 000,004,588 | -HS- | C] () -- C:\ProgramData\621g73w1t32s28rbr6d2q484sxtka4h075t2
[2011/05/25 06:13:20 | 000,010,368 | -HS- | C] () -- C:\ProgramData\p1bu2ri321xilw08u32yl2wnnkws
[2010/07/29 17:58:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/17 02:36:40 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\.purple
[2012/08/02 05:05:17 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\AtomZombieData
[2012/03/06 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Audacity
[2013/02/03 05:04:57 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\AVG2013
[2011/06/16 06:51:37 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Big Fish Games
[2011/09/15 00:13:52 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\COW
[2013/01/05 03:21:14 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Crayon Physics Deluxe
[2012/02/18 04:11:27 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\DAEMON Tools Lite
[2011/05/31 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Downloaded Installations
[2011/09/15 17:12:45 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Dropbox
[2011/04/26 21:18:56 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Dyyno
[2013/05/13 01:55:25 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\FEZ
[2014/08/06 03:08:31 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\fltk.org
[2011/05/17 02:11:59 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Gearbox Software
[2012/07/26 14:24:28 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\ghc
[2012/01/13 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\gtk-2.0
[2010/12/24 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\LolClient
[2012/05/23 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\LolClient2
[2012/10/03 00:03:08 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\MMFApplications
[2012/07/26 06:38:06 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\MonoDevelop-Unity-2.8
[2012/10/23 17:05:26 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\MotioninJoy
[2014/07/07 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\MPC-HC
[2012/06/09 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Mumble
[2014/09/11 11:54:32 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Nitro PDF
[2012/03/30 07:00:24 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Notepad++
[2012/07/17 14:13:42 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\PACE Anti-Piracy
[2011/05/29 03:27:00 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Polynomial
[2011/06/22 23:40:21 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\PotPlayer
[2011/06/13 06:34:39 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\PotPlayerMini
[2012/07/28 21:35:53 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Racket
[2012/08/30 19:23:09 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\RenPy
[2012/11/05 21:11:46 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Sega
[2014/06/14 15:58:34 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\SoftGrid Client
[2012/04/25 16:21:25 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Softpark
[2013/05/13 00:54:18 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\StarseedPilgrim
[2012/10/18 18:07:39 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\SystemRequirementsLab
[2012/01/07 00:57:22 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\To the Moon - Freebird Games
[2011/02/02 06:43:06 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\TP
[2013/02/03 04:53:20 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\TuneUp Software
[2012/07/17 14:21:13 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Unity
[2010/07/31 23:25:58 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\uqm
[2014/09/04 11:39:48 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\uTorrent
[2011/06/20 03:21:14 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\WinterVoicesDemo
[2011/12/13 22:41:25 | 000,000,000 | ---D | M] -- C:\Users\cdenholm\AppData\Roaming\Xilisoft
[2013/01/31 18:59:46 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/31 18:59:46 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/02/06 02:23:10 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2013
[2013/03/26 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PotPlayer
[2013/01/11 20:43:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\RenPy
[2014/02/27 18:45:37 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SoftGrid Client
[2014/01/21 15:54:06 | 000,000,000 | ---D | M] -- C:\Users\panerabitch\AppData\Roaming\AVG2013
[2014/09/03 19:13:58 | 000,000,000 | ---D | M] -- C:\Users\panerabitch\AppData\Roaming\KeepMySettingsX
[2014/09/18 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\panerabitch\AppData\Roaming\Nitro PDF
[2014/09/02 03:22:32 | 000,000,000 | ---D | M] -- C:\Users\panerabitch\AppData\Roaming\SoftGrid Client
[2013/01/31 18:59:46 | 000,000,000 | ---D | M] -- C:\Users\panerabitch\AppData\Roaming\TuneUp Software
[2014/09/23 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\panerabitch\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences
 
< End of report >


#8
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Thank you!

You're going to have to uninstall more games, programs, etc. We are still at only 9% free space. :(

Drive C: | 283.40 Gb Total Space | 25.51 Gb Free Space | 9.00% Space Free | Partition Type: NTFS

I see two P2P Programs installed. Please go to Programs and Features to uninstall eMule and µTorrent. P2P Programs can invite spyware, viruses, Trojan horses, or worms into your computer. While you are uninstalling those programs, please uninstall the following along with whatever else you can find to uninstall to create the free space we need to fix this laptop.

Anything related to Java (since it is outdated anyway)
PotPlayer" = Daum 팟플레이어

I am attaching another fix below for you to run.
  • Copy and paste ALL of the contents of the fix2.txt that is attached below into the Custom Scans/Fixes box at the bottom.
  • Click the Run Fix button at the top.
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
Attached File  fix2.txt   1.42KB   78 downloads

Next:

I'd like to see what FRST finds:

On a working computer:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Next:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste this log in your Topic.
In your next reply, please post the following logs:

C:\_OTL\Moved Files
FRST.txt


:)

#9
Alyssachu


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I have a problem… I've tried so many times, but no matter what, the "Repair My Computer" option doesn't show up. And I don't have a CD for the OS… Only the Safe Mode options pop up, nothing for repairing the computer. :/

Here's the log I was told to post:

 

========== OTL ==========
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
 
C:\Users\panerabitch\AppData\Local\{AC6D42CE-5C55-4B64-943E-246A277C466A} moved successfully.
 
File C:\Users\panerabitch\AppData\Local\{AC6D42CE-5C55-4B64-943E-246A277C466A} not found.
 
C:\ProgramData\connector.swf moved successfully.
 
C:\ProgramData\ezsidmv.dat moved successfully.
 
C:\ProgramData\l727u6qd31hn2kq7144hchw2vtw41c5d5b4omb moved successfully.
 
C:\ProgramData\621g73w1t32s28rbr6d2q484sxtka4h075t2 moved successfully.
 
C:\ProgramData\p1bu2ri321xilw08u32yl2wnnkws moved successfully.
 
========== COMMANDS ==========
 
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09292014_113329


#10
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hm? Ok......

Go ahead and run FRST from the USB Drive as follows:
  • Click on your Start orb then click on Computer.
  • Click on FRST.exe to open the tool and click on Additions.txt found in the lower right of the window.
  • Click on Scan.
  • Allow the scan to run uninterrupted.
  • It should produce 2 logs. FRST.txt and Additions.txt on the USB Drive.
Please post both logs.

:)

#11
Alyssachu


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I attached the logs to this post. :)

Attached Files



#12
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Great! Thank you for the logs.

Please remove the South Park (season 12) disc from the CD-ROM drive. ;) In the meantime, I'll be reviewing the log(s) and preparing our next move.

Thank you! :)

#13
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hi Alyssachu,

Please go to Start > Control Panel > Programs and Features, look for and uninstall the following, if found:

KeepMySettingsX

Fix with FRST

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Plug in the flash drive on the working computer:
  • Open notepad (Start > All Programs > Accessories > Notepad).
  • Please copy the entire contents of the quote box below and paste into notepad.

    start
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    2014-09-03 19:13 - 2014-07-29 20:15 - 00000000 ____D () C:\Users\panera[bleep]\AppData\Roaming\KeepMySettingsX
    C:\Users\cdenholm\clingo.exe
    C:\Users\cdenholm\hw.bat
    C:\Users\cdenholm\pingtest.bat
    Task: {38DE1846-D015-4C90-88CA-6E6DA9D8C585} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
    Task: {83F24CFB-34BF-402A-A855-E81B3619ABFB} - System32\Tasks\KeepMySettingsX => C:\Users\panera[bleep]\AppData\Roaming\KeepMySettingsX\keepmysettingsx.exe [2014-09-03] (InstallX, LLC)
    Task: {EBD03628-21E8-4ACC-8156-162EE02F800D} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\cdenholm\AppData\Local\Temporary Internet Files:Dr4x8xYX1Qw4gis0Dq6hG8oqw4
    C:\Windows:nlsPreferences
    C:\Users\cdenholm\AppData\Local\Temporary Internet Files:Dr4x8xYX1Qw4gis0Dq6hG8oqw4
    CMD: netsh winsock reset catalog
    cmd: ipconfig /flushdns
    host:
    EmptyTemp:
    reboot:
    end

  • Click on File > Save as.., name it fixlist.txt and save it to the same flash drive where FRST.exe is located.
  • Transfer the flash drive to the problem computer and run the fix from the flash drive.
    Please note: The fix must be run from the same location as FRST.exe.
  • Once the flash drive has been inserted into the problem computer, go to Start > Computer
  • Click to open the flash drive then click on FRST.exe to open the program.
  • Press the Fix button.
  • Once complete, this will create a log (Fix.txt) on the flash drive. Please copy and paste this log in your reply.


#14
Alyssachu


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014 02
Ran by panerabitch at 2014-10-04 13:13:57 Run:1
Running from F:\
Loaded Profile: panerabitch (Available profiles: cdenholm & panerabitch & Guest)
Boot Mode: Safe Mode (minimal)
==============================================
 
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
2014-09-03 19:13 - 2014-07-29 20:15 - 00000000 ____D () C:\Users\panera[bleep]\AppData\Roaming\KeepMySettingsX
C:\Users\cdenholm\clingo.exe
C:\Users\cdenholm\hw.bat
C:\Users\cdenholm\pingtest.bat
Task: {38DE1846-D015-4C90-88CA-6E6DA9D8C585} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {83F24CFB-34BF-402A-A855-E81B3619ABFB} - System32\Tasks\KeepMySettingsX => C:\Users\panera[bleep]\AppData\Roaming\KeepMySettingsX\keepmysettingsx.exe [2014-09-03] (InstallX, LLC)
Task: {EBD03628-21E8-4ACC-8156-162EE02F800D} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\cdenholm\AppData\Local\Temporary Internet Files:Dr4x8xYX1Qw4gis0Dq6hG8oqw4
C:\Windows:nlsPreferences
C:\Users\cdenholm\AppData\Local\Temporary Internet Files:Dr4x8xYX1Qw4gis0Dq6hG8oqw4
CMD: netsh winsock reset catalog
cmd: ipconfig /flushdns
host:
EmptyTemp:
reboot:
end
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"C:\Users\panera[bleep]\AppData\Roaming\KeepMySettingsX" => File/Directory not found.
C:\Users\cdenholm\clingo.exe => Moved successfully.
C:\Users\cdenholm\hw.bat => Moved successfully.
C:\Users\cdenholm\pingtest.bat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{38DE1846-D015-4C90-88CA-6E6DA9D8C585}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38DE1846-D015-4C90-88CA-6E6DA9D8C585}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rel => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0214b_rel" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{83F24CFB-34BF-402A-A855-E81B3619ABFB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83F24CFB-34BF-402A-A855-E81B3619ABFB}" => Key deleted successfully.
C:\Windows\System32\Tasks\KeepMySettingsX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KeepMySettingsX" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EBD03628-21E8-4ACC-8156-162EE02F800D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBD03628-21E8-4ACC-8156-162EE02F800D}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0214b_rmv" => Key deleted successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\Users\cdenholm\AppData\Local\Temporary Internet Files" => ":Dr4x8xYX1Qw4gis0Dq6hG8oqw4" ADS not found.
"C:\Windows:nlsPreferences" => File/Directory not found.
"C:\Users\cdenholm\AppData\Local\Temporary Internet Files:Dr4x8xYX1Qw4gis0Dq6hG8oqw4" => File/Directory not found.
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========= End of CMD: =========
 
host: => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 15.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0
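A Fixlog like the one posted above is easier to review when every result line is bucketed by outcome, so the entries that changed nothing or failed stand out. The following is an added example, not part of the original thread and not FRST's own code: it parses the result section of the log, skips the echoed fixlist (whose lines also contain `=>`), and classifies outcomes by wording seen in this log only; the function names and category names are assumptions.

```python
import re
from collections import Counter

# Sample input: lines copied (and trimmed) from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
C:\Users\cdenholm\hw.bat
AlternateDataStreams: C:\Windows:nlsPreferences
cmd: ipconfig /flushdns
host:
EmptyTemp:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
C:\Users\cdenholm\hw.bat => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\Users\cdenholm\AppData\Local\Temporary Internet Files" => ":Dr4x8xYX1Qw4gis0Dq6hG8oqw4" ADS not found.

=========  ipconfig /flushdns =========

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========= End of CMD: =========

host: => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 15.8 GB temporary data.

==== End of Fixlog ====
'''

FENCE = re.compile(r'^\*{5,}$')  # row of asterisks around the echoed fixlist
CMD_END = re.compile(r'^=+\s+End of CMD:\s+=+$')
CMD_START = re.compile(r'^=+\s+(?P<cmd>.+?)\s+=+$')
RESULT = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$')


def classify(outcome):
    """Bucket an outcome string. The wording rules are assumptions drawn
    from this one log, not an official list of FRST messages."""
    text = outcome.lower().rstrip('.')
    if text.endswith('not found'):
        return 'absent'   # the key, file or stream was not there to change
    if text.startswith('error') or 'could not' in text or 'failed' in text:
        return 'failed'
    if 'successfully' in text or text.startswith('removed'):
        return 'changed'
    return 'unknown'


def parse_fixlog(text):
    """Return (target, outcome, category) tuples for each result in the log."""
    results, in_fixlist, cmd, cmd_output = [], False, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            in_fixlist = not in_fixlist   # entering or leaving the echoed fixlist
            continue
        if in_fixlist or not line:
            continue                      # fixlist lines are input, not results
        if 'End of Fixlog' in line:
            break
        if CMD_END.match(line):
            if cmd is not None:           # close the command section as one result
                output = ' '.join(cmd_output)
                results.append((f'CMD: {cmd}', output, classify(output)))
            cmd, cmd_output = None, []
            continue
        if cmd is not None:
            cmd_output.append(line)       # collect the command's console output
            continue
        start = CMD_START.match(line)
        if start:
            cmd = start.group('cmd')
            continue
        hit = RESULT.match(line)
        if hit:
            outcome = hit.group('outcome')
            results.append((hit.group('target').strip('"'), outcome, classify(outcome)))
    return results


def summarize(results):
    """Count results per category."""
    return Counter(category for _, _, category in results)


def needs_follow_up(results):
    """Targets whose fix failed or could not be classified."""
    return [t for t, _, category in results if category in ('failed', 'unknown')]


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target in needs_follow_up(parsed):
        print('follow up:', target)
```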

#15
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Are you still unable to connect in normal mode?

How about in Safe Mode with Networking? Can you connect?