Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Vista really slow

Started by bamakodaker , Oct 07 2014 10:54 PM

Please log in to reply

#1
bamakodaker

Posted 07 October 2014 - 10:54 PM

Member

Member
470 posts

Compaq Presario PC SR5601P wireless thru Netgear N150 - WNA1100

Have better than DSL connection speed

Have seen notice on PC that it was seeking wireless signal - and seeking and seeking

I'm sure there is a lot of junk on here. I know things come up at Start that I don't know of but I'm not sure how to remove those. I'm not sure what I need to keep or not.

I GREATLY appreciate any and all suggestions!

bamakodaker

#2
zep516

Posted 08 October 2014 - 04:19 PM

Trusted Helper

Malware Removal
8,093 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

First

Please download OTL to your Desktop

Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox
and
Check the option for All under the Extra Registry section
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.

Please post the contents of both OTL.txt and Extras.txt files in your next reply.

#3
bamakodaker

Posted 10 October 2014 - 11:58 AM

Member

Topic Starter
Member
470 posts

Hello,

MUCH thanks!

Here you go!!

bamakodaker

OTL logfile created on: 10/10/2014 11:37:25 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OD\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 508.65 Mb Available Physical Memory | 56.91% Memory free
2.00 Gb Paging File | 1.05 Gb Available in Paging File | 52.33% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.29 Gb Total Space | 113.68 Gb Free Space | 51.14% Space Free | Partition Type: NTFS
Drive D: | 10.59 Gb Total Space | 1.46 Gb Free Space | 13.75% Space Free | Partition Type: NTFS

Computer Name: OD-PC | User Name: OD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/10 11:14:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OD\Desktop\OTL.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/08 11:48:08 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.3.0.34\ma\bin\node.exe
PRC - [2013/05/08 11:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.3.0.34\ma\bin\MAHostService.exe
PRC - [2013/03/02 19:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2013/01/31 04:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 04:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/07/28 18:06:20 | 000,297,440 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2011/07/28 17:06:32 | 008,247,264 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/09/26 21:09:08 | 001,041,728 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-121 revA\AirNCFG.exe
PRC - [2010/07/12 00:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files\D-Link\DWA-121 revA\ANIWConnService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/14 11:52:30 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/06/20 16:39:32 | 000,995,328 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/13 01:25:08 | 000,315,392 | ---- | M] () -- C:\Program Files\D-Link\DWA-121 revA\ANPDApi.dll
MOD - [2011/07/28 17:06:32 | 008,247,264 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/09/26 20:16:34 | 000,290,816 | ---- | M] () -- C:\Program Files\D-Link\DWA-121 revA\wlanapp.dll
MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McciServiceHost)
SRV - [2014/09/10 11:00:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/02/13 13:28:21 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/08 11:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.3.0.34\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/03/02 19:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/11/26 08:30:00 | 000,687,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/07/28 18:06:20 | 000,297,440 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/12 00:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-121 revA\ANIWConnService.exe -- (D_Link_DWA-121_WPS)
SRV - [2010/03/22 21:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\rswgxdin.sys -- (rswgxdin)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pioqzmce.sys -- (pioqzmce)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ahbirwyb.sys -- (ahbirwyb)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/05/15 21:58:51 | 000,030,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2013/05/07 10:54:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2013/05/07 10:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/07/22 11:35:16 | 000,021,472 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/15 21:42:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/10/10 20:48:00 | 001,439,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2010/08/19 23:27:30 | 000,602,216 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192cu.sys -- (DRTL8192cu)
DRV - [2010/06/07 14:42:40 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 17:56:30 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/06 14:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 14:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/15 03:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/12 10:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 10:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/08/17 12:18:28 | 012,274,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2007/06/01 19:36:26 | 000,870,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WG111Tv.sys -- (WG111T)
DRV - [2006/11/16 15:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006/11/16 15:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2001/08/17 21:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Icam3.sys -- (ICAM3NT5)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {417D0B41-D732-426B-9C61-67CA368A4AC0}
IE - HKLM\..\SearchScopes\{1B8CEAE1-DCF1-429D-B0E0-6AF463A37F0F}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{417D0B41-D732-426B-9C61-67CA368A4AC0}: "URL" = http://search.yahoo....ing}&fr=hp-psdt

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\OD\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OD\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OD\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\OD\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\OD\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\OD\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\OD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\OD\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows LiveÂ™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: No name found = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: No name found = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.5_0\
CHR - Extension: No name found = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0\
CHR - Extension: No name found = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfmphhfikndpfbllhdojajhgpmlnlef\1_0\
CHR - Extension: Google Talk Plugin = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: No name found = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: No name found = C:\Users\OD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Fast Free Converter 4.1) - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\Program Files\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link D-Link DWA-121] C:\Program Files\D-Link\DWA-121 revA\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1463257250-1168893030-382884525-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{011AF1F3-A5BC-4224-B463-7A8D3BD75D87}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C12702-1A95-4F52-A479-58835FACFE7D}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/12 08:28:26 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/10 11:14:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OD\Desktop\OTL.exe
[2014/10/09 13:26:24 | 000,000,000 | ---D | C] -- C:\Users\OD\AppData\Roaming\Mozilla
[2014/09/25 11:01:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/09/11 00:49:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/09/11 00:49:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/09/11 00:49:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/09/11 00:49:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/09/11 00:49:29 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/09/11 00:49:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/09/11 00:49:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/09/11 00:49:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/09/11 00:49:21 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/09/11 00:49:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/09/11 00:49:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/09/11 00:49:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/09/11 00:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/09/11 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/09/11 00:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/09/11 00:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/10/03 12:23:10 | 000,446,464 | -H-- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe

========== Files - Modified Within 30 Days ==========

[2014/10/10 11:24:01 | 000,000,896 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1463257250-1168893030-382884525-1000UA.job
[2014/10/10 11:14:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OD\Desktop\OTL.exe
[2014/10/10 11:10:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/10 09:51:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/10 09:51:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/09 18:23:01 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1463257250-1168893030-382884525-1000Core1ccaeb1661c180.job
[2014/10/09 18:00:06 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2014/10/09 18:00:01 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2014/10/08 10:49:16 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2014/10/08 05:28:00 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2014/10/08 01:51:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/08 01:48:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/09/30 01:54:08 | 000,028,342 | ---- | M] () -- C:\Users\OD\AppData\Roaming\wklnhst.dat
[2014/09/24 23:55:08 | 000,002,033 | ---- | M] () -- C:\Users\OD\Desktop\Google Chrome.lnk
[2014/09/22 01:41:56 | 000,231,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/09/11 00:34:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/11 00:27:01 | 000,643,488 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/11 00:27:01 | 000,120,310 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/11 00:13:55 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2013/10/19 01:24:12 | 000,037,370 | ---- | C] () -- C:\Users\OD\NICK UNA label.lsl
[2013/05/29 00:30:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\7fove7.dat
[2013/05/29 00:13:51 | 095,023,320 | ---- | C] () -- C:\ProgramData\3ej8l.pad
[2013/05/15 21:58:51 | 000,030,464 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/05/15 16:41:20 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/05/15 16:40:48 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/01/13 01:28:36 | 000,000,253 | ---- | C] () -- C:\Users\OD\AppData\Roaming\ANICONFIG_{6DAC0B08-7626-402B-8AB6-123CD29520D5}.ini
[2012/09/14 21:58:54 | 000,000,253 | ---- | C] () -- C:\Users\OD\AppData\Roaming\ANICONFIG_{FE298E4A-76A0-4DCC-A56D-5DF339DE5D24}.ini
[2011/12/05 20:53:43 | 000,008,724 | -HS- | C] () -- C:\Users\OD\AppData\Local\8f10in7w88e156
[2011/12/05 20:53:43 | 000,008,724 | -HS- | C] () -- C:\ProgramData\8f10in7w88e156
[2011/12/01 12:11:26 | 000,007,259 | ---- | C] () -- C:\Users\OD\AppData\Roaming\DownloadManagerFiles.xml
[2011/08/31 17:03:03 | 000,870,128 | ---- | C] () -- C:\Users\OD\AppData\Roaming\mcs.rma
[2011/08/31 17:03:03 | 000,000,004 | ---- | C] () -- C:\Users\OD\AppData\Roaming\2913B3
[2011/08/31 15:00:18 | 000,000,288 | ---- | C] () -- C:\Users\OD\AppData\Roaming\.backup.dm
[2011/08/01 23:30:51 | 000,008,864 | -HS- | C] () -- C:\Users\OD\AppData\Local\y46sfanjfs78b7643d
[2011/08/01 23:30:51 | 000,008,864 | -HS- | C] () -- C:\ProgramData\y46sfanjfs78b7643d
[2011/08/01 23:30:48 | 000,000,000 | ---- | C] () -- C:\Users\OD\AppData\Local\ycte.exe
[2011/08/01 23:30:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\tvjk.exe
[2011/08/01 23:30:48 | 000,000,000 | ---- | C] () -- C:\Users\OD\AppData\Local\guru.exe
[2011/08/01 23:30:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\fgro.exe
[2011/08/01 23:30:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\eqxu.exe
[2011/08/01 23:30:48 | 000,000,000 | ---- | C] () -- C:\Users\OD\AppData\Local\cpkh.exe
[2011/08/01 23:30:48 | 000,000,000 | ---- | C] () -- C:\Users\OD\AppData\Local\bmfa.exe
[2011/08/01 23:30:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\arcy.exe
[2011/05/24 13:07:12 | 000,000,144 | ---- | C] () -- C:\ProgramData\~33545976r
[2011/05/24 13:07:12 | 000,000,112 | ---- | C] () -- C:\ProgramData\~33545976
[2011/05/24 13:06:51 | 000,000,336 | ---- | C] () -- C:\ProgramData\33545976
[2011/04/07 01:27:47 | 001,110,016 | ---- | C] () -- C:\Program Files\RogueKiller.exe
[2011/02/18 17:34:22 | 001,496,552 | ---- | C] () -- C:\Users\OD\HPPDU.exe
[2010/11/07 13:20:20 | 000,000,760 | ---- | C] () -- C:\Users\OD\AppData\Roaming\setup_ldm.iss
[2010/10/19 19:14:07 | 000,028,342 | ---- | C] () -- C:\Users\OD\AppData\Roaming\wklnhst.dat
[2010/09/22 18:56:47 | 000,001,732 | ---- | C] () -- C:\Program Files\QuickTime Player.lnk
[2009/02/11 13:51:30 | 000,211,456 | ---- | C] () -- C:\Users\OD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/08 17:17:16 | 000,000,680 | ---- | C] () -- C:\Users\OD\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D

< End of report >

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

===============================================================================================

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

OTL Extras logfile created on: 10/10/2014 11:37:26 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OD\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 508.65 Mb Available Physical Memory | 56.91% Memory free
2.00 Gb Paging File | 1.05 Gb Available in Paging File | 52.33% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.29 Gb Total Space | 113.68 Gb Free Space | 51.14% Space Free | Partition Type: NTFS
Drive D: | 10.59 Gb Total Space | 1.46 Gb Free Space | 13.75% Space Free | Partition Type: NTFS

Computer Name: OD-PC | User Name: OD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02027502-8BFD-4E2F-AC64-10C9506A0AC6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0A14D88F-A2A2-4AF6-B999-333FD653BCDD}" = rport=137 | protocol=17 | dir=out | app=system |
"{11E2D0AF-CE87-4C26-9CD9-510549D757BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D0941C7-C58F-4EAD-AADA-E860E69CE5F1}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F0162A9-022E-4EC6-8851-6F9B71D30C89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2103CEB2-408F-4F9E-8F49-BB362CF9B6B4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{294EDE30-BE43-4F79-8842-85B8A257C506}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{34A0AE97-859F-4D31-871F-E89B2213C81B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3651837C-FF76-4F7B-8BD7-FEEF4AC9D086}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37479EA9-2394-436D-B2D2-86DC8076292C}" = rport=139 | protocol=6 | dir=out | app=system |
"{5183CABD-364A-477F-A210-AA87E746583A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{62EB3DE2-F913-4ED9-BD28-8A337616C708}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{65EAB02C-D99B-4942-8E7E-08D2152EFEB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{67F89501-78F0-4F4F-BB0C-9D6F61AF060E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7AB9428F-D463-452C-9D5E-1FF13885B642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8325A59C-F0FA-4185-9009-20A1B6A85419}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8F66253D-4268-4632-A2B9-98EDDE72EB8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94765B0C-16CA-4DBA-B435-BEE489F0684D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9AB0560E-3050-4EC2-9452-636D34A44C9A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9CC71BE0-F85E-438E-990E-1E1956E59FE8}" = rport=445 | protocol=6 | dir=out | app=system |
"{A13D1FF2-0EF9-47A7-9A92-FEE12E309356}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2ABC994-8117-4985-873F-0BF208D6650C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CBA1F495-BEE7-4E7E-B41E-EB5E5689A218}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CF25D303-8EBD-4DDB-AD99-F32C704789F9}" = lport=137 | protocol=17 | dir=in | app=system |
"{D4C751B3-8C59-4B3F-9C6C-2466AB987FE8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D78C54E9-9CF8-4D43-B70D-F087435EB36F}" = lport=445 | protocol=6 | dir=in | app=system |
"{DD91DA65-9A74-4A59-9656-C015440F3374}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F18308DD-B102-48B0-878C-B65C52AA402C}" = lport=139 | protocol=6 | dir=in | app=system |
"{F6E4FAAA-FAF1-446A-BED5-EDAD417C6592}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F81C4588-DDFA-4E5D-8631-8BC9D1148CF3}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E1EE4D-CFA8-4D40-8995-DBC015CFC9DB}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{04ADDA57-D743-4D06-A68B-25C4E64CACA0}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{06E700F1-3870-4EB1-8B5C-174712FDD783}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{0919024D-CF53-4D6C-89F7-289180DE5240}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0DB53770-0C39-4BC8-92D6-13155C549764}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{16B1D47E-0F45-426D-9D7E-BAB2695AC8EA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1711F666-AB13-45BF-BA87-691483F997F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A730E7F-CF3C-4426-A8EE-C815C5F08DB2}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{204D0E58-0981-4692-83B1-84F65CCE5944}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3DE6E2F1-0C98-4B94-84CA-6DCCF176D5CE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4B5867C2-EFD2-448F-8C0E-A180371BF540}" = protocol=1 | dir=out | [email protected],-28544 |
"{50E94794-C643-4901-AE99-563813C69B76}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{67C0ED89-84D7-4A5A-A999-DA51B83D1AEC}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{6888CDA4-D19C-4848-A918-C7E455A8FC5D}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{69CE1F1A-54BC-4147-86AF-9BEB575E3680}" = protocol=1 | dir=in | [email protected],-28543 |
"{6A672069-8F37-4F88-A046-93D2AA577913}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7220BFF6-C419-4CCB-81D5-3E3B27E8E4EE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{74595403-4017-4CDE-B970-F02AE3628B18}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{84AC8B7D-C8D4-42C2-A11B-6AA2164025D2}" = protocol=58 | dir=in | [email protected],-28545 |
"{87AF19E1-E3CB-451F-9868-C5D25FEB92B5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8CFC1845-6946-4BD6-9F05-30D30A0D71E3}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{97A56A59-2655-4905-B8EC-8369E85A72CE}" = protocol=58 | dir=out | [email protected],-28546 |
"{9B215F41-0ADB-47FF-A0F6-008AFDFCD140}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A58FEA73-1071-4C25-995F-74BF3AC4B6B2}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{AFDF4A58-3016-4259-A5F6-DB342DA83234}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B0AACF1B-B5AA-4948-8AB8-DBDF7C4D50A7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{CB9F1AA2-5CE2-45CD-AFA7-DCC5766960CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC1BE4C9-8622-4B61-8407-66B1EAC3E141}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{E7BDB9E5-7F9D-4A90-A5C9-837F39C3B8D2}" = protocol=58 | dir=in | [email protected],-148 |
"{EA254C42-226C-47CA-A983-719917935E73}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{EABEE8A3-C8DE-4240-B000-576E046F0F5B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{F232D5D8-339E-4013-B589-0704DFA4944A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB6CA378-71EB-48B1-8599-82735C7CD38B}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{FEB9AE34-F74C-4476-9926-C65723A683C2}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{0F325916-5CA2-4D3F-80F6-C2FBE0E1D586}C:\users\od\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\od\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{7AB42EAC-E229-4F39-A359-657AD3A06009}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DB47497B-40D6-49A2-9D49-8A0B3E14334A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F01D6D02-9C13-4341-8F82-686AD0252B2A}C:\program files\bitpim\bitpimw.exe" = protocol=6 | dir=in | app=c:\program files\bitpim\bitpimw.exe |
"UDP Query User{05F3EBED-4AAE-40F7-A958-E020C9FD9464}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1A701522-E5B2-4883-A0DE-8714F44A371E}C:\program files\bitpim\bitpimw.exe" = protocol=17 | dir=in | app=c:\program files\bitpim\bitpimw.exe |
"UDP Query User{645DA50B-B040-4BE7-9729-C175D99F99F0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B10A1A5C-383A-4449-A992-80A862BC05ED}C:\users\od\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\od\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Bluetooth by hp 6.1.0.4600
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09764316-ABC4-4469-AD5B-D3EACE45EE3D}" = Drivers For Free
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51051DC1-4D39-4702-B00F-11375FA9B146}" = VZAccess Manager
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{546BBBC1-F860-4FDE-B0A8-2FF92F54810F}" = Verizon Wireless UM190 Firmware Updates
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App for HP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = HUE HD Webcam
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90DAB4CD-4D2B-42DA-AA50-86B30C1EA00C}_is1" = Active Pixels 3.05
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter
"{A2FA012E-27C7-4308-9457-5FCFB84B0436}" = PictureMover
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
"{ACB879B8-19A7-4310-BD93-5D745CA6B798}" = D-Link DWA-121
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0CC75CD-F5B7-46AD-B016-17C0F5171718}" = Apple Mobile Device Support
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{DF0E7912-4A45-4B24-B472-E521C4D2C663}" = Adblock Plus for IE (32-bit)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F32DC846-4457-40A8-BECA-BCC0E960BC53}" = iTunes
"{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}" = Google Talk Plugin
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{fd97d1e2-368a-4cd9-af63-8eeff938044a}" = Adblock Plus for IE
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Any Video Converter_is1" = Any Video Converter 3.3.5
"ATT-ATT Management Agent" = ATT Management Agent
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fast Free Converter" = Fast Free Converter
"Free Windows Cleanup Tool" = Free Windows Cleanup Tool
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.17.1863" = Opera 12.17
"PC Optimizer Pro" = PC Optimizer Pro
"PC Wizard 2010_is1" = PC Wizard 2010.1.95
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"sp44626" = sp44626
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-d8448b86-7849-45c9-b63f-76a71541539d" = Word Web Deluxe
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1463257250-1168893030-382884525-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2014 12:44:52 AM | Computer Name = OD-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2014 12:52:42 AM | Computer Name = OD-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 11.5.0.228, time
stamp 0x4fbf6b79, faulting module Flash32_12_0_0_77.ocx_unloaded, version 0.0.0.0,
time stamp 0x5314f58e, exception code 0xc0000005, fault offset 0x03ab77c4, process
id 0xae0, application start time 0x01cf878c0512b1a2.

Error - 7/2/2014 11:17:42 AM | Computer Name = OD-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/2/2014 11:26:05 AM | Computer Name = OD-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 11.5.0.228, time
stamp 0x4fbf6b79, faulting module Flash32_12_0_0_77.ocx_unloaded, version 0.0.0.0,
time stamp 0x5314f58e, exception code 0xc0000005, fault offset 0x046e77c4, process
id 0xe78, application start time 0x01cf9608df2dfe10.

Error - 7/9/2014 12:20:22 PM | Computer Name = OD-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/11/2014 2:56:27 AM | Computer Name = OD-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2014 6:46:15 PM | Computer Name = OD-PC | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.183.21, time stamp
0x4b95e661, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27,
exception code 0xc0000005, fault offset 0x00049420, process id 0x43a30, application
start time 0x01cf9fb364c0c019.

Error - 7/28/2014 3:07:57 PM | Computer Name = OD-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2014 1:07:40 AM | Computer Name = OD-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16561 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: a6a5c Start Time: 01cfb5e840ffec95 Termination Time: 0

Error - 8/16/2014 12:51:33 PM | Computer Name = OD-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/8/2014 2:52:25 AM | Computer Name = OD-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/8/2014 12:17:22 PM | Computer Name = OD-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/8/2014 12:17:40 PM | Computer Name = OD-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/8/2014 12:18:06 PM | Computer Name = OD-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 10/8/2014 12:18:12 PM | Computer Name = OD-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/10/2014 11:59:17 AM | Computer Name = OD-PC | Source = DCOM | ID = 10010
Description =

Error - 10/10/2014 11:59:33 AM | Computer Name = OD-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 10/10/2014 11:59:42 AM | Computer Name = OD-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/10/2014 12:00:03 PM | Computer Name = OD-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 10/10/2014 12:22:44 PM | Computer Name = OD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >

#4
zep516

Posted 10 October 2014 - 02:47 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,
Please remove these programs from your programs an features list. Click > start > control panel > Programs an Features. Remove the following programs:

Fast Free Converter
Free Windows Cleanup Tool, These programs are not the best to install.
PC Optimizer Pro
Java 7 Update 21, old versions of java are a security risk.
Java SE Runtime Environment 6 Update 1

Next removing files with OTL.
Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.

Under the Custom Scans/Fixes box at the bottom, paste in the following

:COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV - [2012/11/26 08:30:00 | 000,687,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
IE - HKLM\..\SearchScopes\{1B8CEAE1-DCF1-429D-B0E0-6AF463A37F0F}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
O2 - BHO: (Fast Free Converter 4.1) - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\Program Files\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O3 - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O15 - HKU\S-1-5-21-1463257250-1168893030-382884525-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
[2014/10/09 18:00:06 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2014/10/09 18:00:01 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2014/10/08 10:49:16 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2014/10/08 05:28:00 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D

:Files

ipconfig /flushdns /c
C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\ParetoLogic Update Version2.job

:Commands
[emptytemp]
[resethosts]

Make sure all other windows are closed.
Click the Run Fix button at the top
Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
Post the log that is found in C:\_OTL\Moved Files in your next reply.
Open OTL again and click the Quick Scan button.

Next checking for additional adware.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished and the PC has rebooted.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner

Next checking for adware again.

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply to me I need to see these log reports.
OTL Fix log. That log report pops up in front of after you run the fix and the computer reboots, copy it and paste it to me
AwCleaner log report after you run the Clean option.
JRT.txt Log report.
New Otl after quick scan is performed.

Thanks
Joe

#5
bamakodaker

Posted 12 October 2014 - 11:49 PM

Member

Topic Starter
Member
470 posts

Hello,

Thank you for your time and advice.

I thought I might be able to select all the mentioned programs and remove them in a lump - that's not an option!

I selected Fast Free Converter and started removing it. Wow. Takes a L O N G time! I got a window saying it had finished removing program. When I tried to remove a 2nd program I got a window/flag saying I had to wait until it had finished removing the first program. I waited a while with no change. I couldn't restart computer because that remove program had the computer tied up. I eventually did get to restart computer, I thought the delay with the computer was because it would need restarting after it removed each program. At restart it goes to the 'computer did not properly shut down, do you want to start normally or choose another option'. I chose Start Normal, it goes to a black screen and stays there.

Suggestions?

bamakodaker

Edited by bamakodaker, 12 October 2014 - 11:51 PM.

#6
zep516

Posted 18 October 2014 - 11:44 AM

Trusted Helper

Malware Removal
8,093 posts

I'm sorry I missed your post.

Where do we stand now ?

Thanks
Joe

#7
bamakodaker

Posted 19 October 2014 - 12:23 AM

Member

Topic Starter
Member
470 posts

Joe,

I'm dead in the water. See my post above. I can not get the computer to boot up!

HELP

Please

bamakodaker

#8
zep516

Posted 19 October 2014 - 09:19 AM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Lets try this

You will need a USB stick and an access to a clean machine to download FRST.
Hope it's possible? If not, let me know.

Scan with Farbar Recovery Scan Tool from the Recovery Environment

Please download Farbar Recovery Scan Tool and save it to your flash drive.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each other out. Only one will run - this will be the right one.
Plug the flash drive into the infected PC.

Enter the System Recovery Options

Enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.

Access the notepad and identify your USB drive

In the Command Prompt please type in notepad.exe and press Enter.

When the notepad opens, go to File menu.
Select Open.
Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

Type in e:\frst.exe and press Enter.
You need to replace e with the letter of your USB drive taken from notepad!
Please mind also that for 64-bit systems you need to type in FRST64.exe!
FRST will start to run. Give him a minute or so to load itself.
Click Yes to Disclaimer.
In the main console, please click Scan and wait.

When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Please include the content of that logfile in your next reply.

#9
bamakodaker

Posted 19 October 2014 - 04:19 PM

Member

Topic Starter
Member
470 posts

Not able to start anything!

Copied frst & frst64 to USB drive, followed instructions, Command Prompt could not find files or rather the Pathway

I thought maybe I had a password protected USB drive so I found an older, simpler USB drive

Same problem.

I went back into Notepad to look for drive, I opened the drive and could not see the frst files.

In Notepad I changed the Files of Type from Text Documents to All Files,

I could see the frst files now.

I went back to Command Prompt and re-entered the (proper file drive letter)\frst.exe then frst64.exe - nothing with either

Command Prompt shows - The system cannot find the path specified.

I'm open to suggestions and appreciate all suggestions.

bamakodaker

#10
zep516

Posted 19 October 2014 - 05:37 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Forgot to ask you. Will the computer boot to safe mode ? Power the computer off, then turn on, keep tapping the F8 Key.

Let me know what happens there.

Thanks
Joe

#11
bamakodaker

Posted 19 October 2014 - 08:24 PM

Member

Topic Starter
Member
470 posts

Yes, it will go to Safe Mode. F8 allowed me to follow your instructions above in this thread's post #8.

I understand that since I'm not much of a computer tech person there may be a problem with my following your words or descriptions.

If things do not go right I will do my best to explain what I've done so that I may keep you informed.

bamakodaker

#12
zep516

Posted 19 October 2014 - 08:39 PM

Trusted Helper

Malware Removal
8,093 posts

Don't do anything.

Boot the computer again to the Advanced boot options menu. Black screen with white letters same screen you went to for Safe Mode. This time select SafeMode with networking.

Then we will just download a new copy of frst to the desktop

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Post both log reports.

FRST.txt
Addition.txt

Do not surf the internet in SafeMode with networking, just download FRST that's it.

#13
bamakodaker

Posted 19 October 2014 - 09:03 PM

Member

Topic Starter
Member
470 posts

I selected Safe Mode with Networking

computer went to a black background screen with white lettering scrolling down

it went through that for a while then settled to the black screen just like in post #5 of this thread

nothing there but the white cursor

#14
zep516

Posted 20 October 2014 - 05:08 PM

Trusted Helper

Malware Removal
8,093 posts

OK,

That's what I wanted to know, if the computer would simply boot to safemode but unfortunately it does not.

Let me get back to you bamakodaker, I'm currently clearing a few others out.

Thanks
Joe