Computer at work is infected with malware. Need help. Looks like MyPCcleaner or something like that, i can't remember. Malwarebytes found almost 200 items and quaranteend them but still having issues.
Fix me please, stupid malware [Solved]
Started by
Shady
, Oct 13 2014 08:03 PM
-
This topic is locked
#2
Posted 13 October 2014 - 08:20 PM
Shady
- Topic Starter
-
- Member
-
- 202 posts
Member
OTL logfile created on: 10/13/2014 9:12:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.99 Gb Total Physical Memory | 3.76 Gb Available Physical Memory | 62.81% Memory free
12.09 Gb Paging File | 9.59 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 445.31 Gb Free Space | 76.45% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 1.91 Gb Free Space | 13.99% Space Free | Partition Type: NTFS
Computer Name: ERIN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/10/13 21:12:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2014/10/01 00:55:00 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/27 16:56:04 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/10 01:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/04/10 01:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/19 12:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/02/09 21:29:56 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 14:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
========== Modules (No Company Name) ==========
MOD - [2014/10/01 00:54:58 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
MOD - [2014/10/01 00:54:57 | 008,911,176 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
MOD - [2014/10/01 00:54:52 | 000,310,088 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libexif.dll
MOD - [2014/10/01 00:54:51 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
MOD - [2014/07/31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/10 13:44:24 | 004,592,128 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 13:44:24 | 000,112,128 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2009/04/11 01:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/10 01:22:04 | 000,906,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/09 21:36:44 | 001,703,936 | ---- | M] () -- C:\Users\John\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/02/09 21:29:10 | 003,756,032 | ---- | M] () -- C:\Users\John\AppData\Roaming\PictureMover\Bin\Core.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/09/25 10:24:39 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/23 17:55:26 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/07 18:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/12/08 21:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/12 20:49:40 | 000,882,792 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/02/26 06:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 09:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/04 07:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/02/13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 03:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9090374E-E74F-4310-B227-600F3700693C}
IE:64bit: - HKLM\..\SearchScopes\{9090374E-E74F-4310-B227-600F3700693C}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A956D909-6947-427E-BA1B-A310E8C656A6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {9090374E-E74F-4310-B227-600F3700693C}
IE - HKLM\..\SearchScopes\{9090374E-E74F-4310-B227-600F3700693C}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\..\SearchScopes\{A956D909-6947-427E-BA1B-A310E8C656A6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.searchtool.com/?opts=no [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {2d459905-ebdc-4f46-a68c-ba26934e70ff}
IE - HKCU\..\SearchScopes\{2d459905-ebdc-4f46-a68c-ba26934e70ff}: "URL" = http://www.findamo.c...s}&cid=4151ch=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search The Web"
FF - prefs.js..browser.search.order.1: "Search The Web"
FF - prefs.js..browser.search.selectedEngine: "Search The Web"
FF - prefs.js..browser.startup.homepage: "http://www.findamo.c...?&cid=4151ch=2"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/05/29 21:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2014/10/13 20:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\58gllyc7.default\extensions
[2014/10/12 12:18:54 | 000,000,806 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\58gllyc7.default\searchplugins\Search The Web.xml
[2014/09/25 10:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/25 10:24:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\anhdpjpojoipgpmfanmedjghaligalgb\2.3.2_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\anhdpjpojoipgpmfanmedjghaligalgb\2.3.2_0\js\web-server-chrome\.scratch
CHR - Extension: First user = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: First user = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bngjhgpcofckfokhoplbnjodbimjohkm\0.0.2.14_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.916.0.7_0\
CHR - Extension: First user = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.240.2_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec\1.0.2_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2014.1007.433.2_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oieclmddeijbdilojgahahcjmjkhbilp\1.0.1_0\
CHR - Extension: First user = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.169.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82A4CFEA-4151-4588-A37A-5403FF50E6F4}: DhcpNameServer = 192.168.169.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88CD461A-C2E4-4E35-A5B7-784C2E64C2A3}: DhcpNameServer = 192.168.169.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/10/12 12:18:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Video Performer
[2014/10/12 12:17:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Performersoft
[2014/10/02 18:01:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Apple Computer
[2014/10/02 13:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/02 13:50:24 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014/10/02 13:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014/10/02 13:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/10/02 13:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/10/02 13:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/10/02 13:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/10/02 13:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/10/02 13:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/10/02 13:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/10/02 13:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/10/02 13:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/10/02 13:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/10/02 13:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/09/27 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Spotify
[2014/09/27 16:55:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Spotify
[2014/09/25 10:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2014/10/13 21:07:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/13 20:56:29 | 000,758,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/13 20:56:29 | 000,641,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/13 20:56:29 | 000,119,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/13 20:55:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/13 20:50:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/10/13 20:50:47 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/10/13 20:50:43 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/13 20:50:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/13 20:50:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/13 20:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/13 20:29:08 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/13 20:23:06 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/10/09 21:19:13 | 000,005,324 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2014/10/07 19:11:17 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/02 13:50:27 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/09/27 16:56:12 | 000,001,708 | ---- | M] () -- C:\Users\John\Desktop\Spotify.lnk
[2014/09/23 17:55:25 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/23 17:55:25 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2014/10/13 20:50:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/02 13:50:27 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/02 13:48:52 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/09/27 16:56:12 | 000,001,708 | ---- | C] () -- C:\Users\John\Desktop\Spotify.lnk
[2014/09/27 16:56:12 | 000,001,694 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2014/06/19 17:58:36 | 000,000,732 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps64.dat
[2014/05/31 18:07:36 | 000,751,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/30 12:20:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2014/05/30 12:20:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2014/05/30 12:20:02 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2014/05/29 17:11:30 | 000,005,324 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 11:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
#3
Posted 13 October 2014 - 08:22 PM
Shady
- Topic Starter
-
- Member
-
- 202 posts
Member
OTL Extras logfile created on: 10/13/2014 9:12:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.99 Gb Total Physical Memory | 3.76 Gb Available Physical Memory | 62.81% Memory free
12.09 Gb Paging File | 9.59 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 445.31 Gb Free Space | 76.45% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 1.91 Gb Free Space | 13.99% Space Free | Partition Type: NTFS
Computer Name: ERIN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 78 41 CE 89 77 7C CF 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02421D7C-8CB3-4D87-8357-C5F9228FA478}" = rport=137 | protocol=17 | dir=out | app=system |
"{06250420-51D4-4518-8F22-122EF3BD925F}" = rport=445 | protocol=6 | dir=out | app=system |
"{0DA2019F-3D93-4A68-9DFB-9C2230A5AB37}" = lport=445 | protocol=6 | dir=in | app=system |
"{237A4FC3-A281-42D4-8701-3DBA63E31F30}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2521E4B2-6F9F-4D40-8004-1751FFA005A0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{4252ED7E-5097-4FAC-BF04-7CF30AD57D39}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{57152643-77E3-4A71-A347-71E62091E665}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7519FC90-1FCF-44D3-A107-9EB453F2F0F8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{85DE38D9-9C56-4CF6-85EB-AF43DE6C462C}" = lport=139 | protocol=6 | dir=in | app=system |
"{91E0AB84-2A3B-463A-B159-D8F88424E611}" = lport=137 | protocol=17 | dir=in | app=system |
"{99FBC18D-76C2-42B7-82A9-DF29273DA5B9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9DDBA8C4-7027-4CEE-B7DD-D1BE5C9EF216}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A31FD8DD-DC28-4ADB-A0A0-E131D1FFA098}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8598A98-6679-4491-9103-D7EC4F177B4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAD01996-B59F-44F8-815F-86BD5B63C497}" = lport=138 | protocol=17 | dir=in | app=system |
"{C54248FF-B6B3-4C12-BF70-50572AB7EEFA}" = rport=139 | protocol=6 | dir=out | app=system |
"{CB42BF56-EF3E-4AE4-AC0F-55DB87A3EAFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{E881A251-54FF-4826-B58A-5551A57FA27C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF638EE7-A269-4C9B-919D-5A44800A5B86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040DD068-42C2-46FE-8EC5-D3CF590F1EED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19F6DA36-7D8A-4718-830F-5671B9FD245D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{31F42308-1B14-4820-82C0-77FC300358DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41B65F85-5D7B-4FCE-B1BD-7AE6E8E7F203}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{57A4E632-5E2E-4EC2-9253-EC0570E04D80}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{58CA1D22-E164-4E54-9F38-18C998636386}" = protocol=1 | dir=in | [email protected],-28543 |
"{66348E5B-B4A9-48AA-A35C-FD4991B03A63}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{8FB255A4-1C14-4633-A489-CF362E8E7934}" = protocol=58 | dir=in | [email protected],-28545 |
"{908B2996-F95C-4076-8AC9-D1511EAED398}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{A6E03678-F12B-4FB6-ADEC-CFC5FECEBFE9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{BB3DB187-F7FE-40DA-B0E2-E7D4AC7EFB0C}" = protocol=1 | dir=out | [email protected],-28544 |
"{CB331655-A495-415B-B7B3-240E685C0202}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CC12505A-5EBD-4EDE-8568-690B15063661}" = protocol=58 | dir=out | [email protected],-28546 |
"{D2684BA6-02B8-4A42-ACFA-4B94F2B18EDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D47A9FEF-7636-457C-BB04-4CBB373A13E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{EC3EE811-5F3A-4FD3-9531-F51FEF23C3E9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{FAFA3520-97A9-4085-8765-363A4E586157}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{8F722611-B173-4390-8CBC-3D9AEDBC597D}C:\users\john\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E4AE09BD-5C87-4C1C-BB2A-29B18CA8A0DD}C:\users\john\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}" = WordPerfect Office IFilter 64-bit
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{167158CE-1637-4167-8A1C-C2549EEA966A}" = The Weather Channel App
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1CC3939A-948E-461D-8FA9-2BE5C9A9C639}" = Pattern Editor
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = WordPerfect Office IFilter 32-bit
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682A64A6-4B5C-4BE7-9440-98E5F3F3AF36}" = Pattern Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{852E893E-E4FD-45BB-8B17-72ADDF686974}" = TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"pywin32-py2.6" = Python 2.6 pywin32-212
"SantaCountdown_is1" = SantaCountdown 1.0
"VLC media player" = VLC media player 2.1.3
"WildTangent hp Master Uninstall" = HP Games
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"Video Performer" = Video Performer
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/11/2014 11:55:27 AM | Computer Name = Erin-PC | Source = Application | ID = 0
Description =
Error - 9/13/2014 8:31:27 AM | Computer Name = Erin-PC | Source = WinMgmt | ID = 10
Description =
Error - 9/20/2014 11:52:31 PM | Computer Name = Erin-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16575 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 20b4 Start Time: 01cfd5391cd72660 Termination Time: 25
Error - 9/22/2014 11:33:02 AM | Computer Name = Erin-PC | Source = Application Hang | ID = 1002
Description = The program PatternManager.exe version 1.11.0.2 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 3634 Start Time: 01cfd679a6386b80 Termination Time: 44712
Error - 9/23/2014 2:03:21 PM | Computer Name = Erin-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 32.0.2.5373 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ff8 Start Time: 01cfd7366561cda0 Termination Time: 13
Error - 9/23/2014 2:03:22 PM | Computer Name = Erin-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 32.0.2.5373, time
stamp 0x541a8277, faulting module mozalloc.dll, version 32.0.2.5373, time stamp
0x541a4d44, exception code 0x80000003, fault offset 0x0000141b, process id 0x318c,
application start time 0x01cfd7366ca69500.
Error - 9/25/2014 10:07:30 AM | Computer Name = Erin-PC | Source = WinMgmt | ID = 10
Description =
Error - 9/25/2014 10:49:26 PM | Computer Name = Erin-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16575 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c20 Start Time: 01cfd92dda61e450 Termination Time: 15
Error - 9/26/2014 8:16:18 AM | Computer Name = Erin-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/2/2014 3:44:58 PM | Computer Name = Erin-PC | Source = Application Error | ID = 1000
Description = Faulting application iTunes.exe, version 11.4.0.18, time stamp 0x54045c47,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x3fee1e00, process id 0x3b68, application start time 0x01cfde71be85e370.
[ System Events ]
Error - 7/5/2014 10:27:17 AM | Computer Name = Erin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.169.14 for the Network Card with network
address 00261832C99E has been denied by the DHCP server 192.168.1.250 (The DHCP
Server sent a DHCPNACK message).
Error - 7/5/2014 10:34:35 AM | Computer Name = Erin-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00261832C99E. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
Error - 7/5/2014 10:40:11 AM | Computer Name = Erin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.169.14 for the Network Card with network
address 00261832C99E has been denied by the DHCP server 192.168.1.250 (The DHCP
Server sent a DHCPNACK message).
Error - 7/5/2014 10:42:26 AM | Computer Name = Erin-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00261832C99E. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
Error - 7/5/2014 10:43:05 AM | Computer Name = Erin-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00261832C99E. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
Error - 7/5/2014 10:44:22 AM | Computer Name = Erin-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00261832C99E. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
Error - 7/5/2014 12:31:40 PM | Computer Name = Erin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.169.14 for the Network Card with network
address 00261832C99E has been denied by the DHCP server 192.168.1.250 (The DHCP
Server sent a DHCPNACK message).
Error - 7/5/2014 1:13:11 PM | Computer Name = Erin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.169.14 for the Network Card with network
address 00261832C99E has been denied by the DHCP server 192.168.1.250 (The DHCP
Server sent a DHCPNACK message).
Error - 7/5/2014 2:21:36 PM | Computer Name = Erin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.169.14 for the Network Card with network
address 00261832C99E has been denied by the DHCP server 192.168.1.250 (The DHCP
Server sent a DHCPNACK message).
Error - 7/5/2014 2:24:03 PM | Computer Name = Erin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.128 for the Network Card with network
address 00261832C99E has been denied by the DHCP server 192.168.169.1 (The DHCP
Server sent a DHCPNACK message).
< End of report >
#4
Posted 14 October 2014 - 08:55 AM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
Hi Shady,
Computer at work is infected with malware.
We are sympathetic to your dilemma, however, we are an all volunteer organization. Offering service to those who are working in a professional capacity (i.e. the computer at your work place) is beyond our desire or ability. This was stated in the Terms of Use that you agreed to when you joined.
I will close your topic.
#5
Posted 14 October 2014 - 09:17 AM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
