Loaned my PC to a relative and just got it back today.
Turned my system on and when the desktop loaded, a 'shutdown' msg appeared on the screen. Then a command prompt window opened that said "joeware.net". It quickly disappeared and a blue screen came up and stayed there. I depressed the power button to shut the system off. Then I logged back in safe mode, which booted just fine.
I then logged into my laptop normally and noticed it's rather sluggish. Tried to delete some files that belonged to my relative and even WordPad loaded slowly. During the time my PC was loaned out, some new HD desktop backgrounds were saved to my system and TV shows were watched at various online sites like videobull.com; maybe something was picked up in there. I ran KasperskyAV but nothing was detected.
Restarted system. A Firefox msg came up on the desktop: Firefox Safe Mode, reset Firefox... which I did. System is doing very strange things.
I also noticed I'm having problems with Microsoft updates. They're not installing properly. Used the Microsoft Fix it tool to reset Windows Update components. It fixed some issues, but says the update problem is still there. I may have malware, please help! Appreciate all the assistance from you guys in the past.
OTL
OTL logfile created on: 12/10/2013 6:15:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.43 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 33.98% Memory free
3.12 Gb Paging File | 2.11 Gb Available in Paging File | 67.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 20.66 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.62% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/10 18:04:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/09/29 19:56:42 | 000,025,088 | ---- | M] () -- C:\Program Files\wrapper_inst\file_to_run.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
========== Modules (No Company Name) ==========
MOD - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2012/08/22 05:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2007/01/25 20:11:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\wbengine.exe -- (wbengine)
SRV - [2013/10/25 17:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 19:39:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/29 19:56:42 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\Program Files\wrapper_inst\file_to_run.exe -- (pcregservice)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/02 11:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/11/12 16:08:28 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/11/07 14:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/04/11 14:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 14:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 14:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 14:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 14:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/25 20:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 23:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/01 23:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/06 14:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:3.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/04/05 18:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/12/01 01:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9v5pc98z.default-1384654968161\extensions
[2013/12/01 01:40:22 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9v5pc98z.default-1384654968161\extensions\[email protected]
[2013/11/16 18:33:09 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9v5pc98z.default-1384654968161\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/15 10:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 10:02:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013/03/05 03:46:20 | 000,445,223 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15317 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKCU..\Run: [MyDefragReminder] C:\Program Files\ConsumerSoft\My Defragmenter\DefragReminder.exe (ConsumerSoft)
O4 - HKLM..\RunOnceEx: [TITLE] Updates File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: NameServer = 208.69.150.252,208.69.150.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444}: NameServer = 208.69.150.252,208.69.150.250
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/10 18:04:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/10 17:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\runonce
[2013/12/09 13:50:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Desktop
[2013/12/01 00:54:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TO PRINT
[2013/11/25 22:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/11/20 09:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/11/15 10:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/14 20:59:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\job questions
[2013/11/12 16:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2013/11/12 16:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/11/12 16:08:28 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013/11/12 15:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/12/10 18:14:05 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 18:14:05 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 18:11:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/10 18:04:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/10 07:39:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/10 00:06:36 | 000,053,589 | ---- | M] () -- C:\Users\Owner\Documents\quotes.rtf
[2013/12/09 00:05:24 | 000,012,975 | ---- | M] () -- C:\Users\Owner\Documents\watch online.rtf
[2013/12/08 23:20:16 | 038,726,675 | ---- | M] () -- C:\Users\Owner\Desktop\EFT.flv
[2013/12/08 10:15:30 | 000,049,776 | ---- | M] () -- C:\Users\Owner\Documents\lights.rtf
[2013/12/05 02:25:52 | 000,037,995 | ---- | M] () -- C:\Users\Owner\Documents\recipes.rtf
[2013/12/04 06:00:19 | 000,003,715 | ---- | M] () -- C:\Users\Owner\Documents\MH Resume.rtf
[2013/12/03 17:39:25 | 000,001,788 | ---- | M] () -- C:\Users\Owner\Documents\Marcus cover letter2.rtf
[2013/12/02 16:25:13 | 000,000,384 | ---- | M] () -- C:\Users\Owner\Documents\MArcus wages.rtf
[2013/12/02 01:32:11 | 000,001,695 | ---- | M] () -- C:\Users\Owner\Documents\sansa view.rtf
[2013/12/01 04:40:19 | 003,654,136 | ---- | M] () -- C:\Users\Owner\Desktop\Psalm 91.flv
[2013/12/01 04:26:58 | 006,678,730 | ---- | M] () -- C:\Users\Owner\Desktop\Novena Saint Jospeh.flv
[2013/12/01 01:38:03 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/01 01:38:03 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/27 11:40:31 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/11/25 22:32:26 | 000,001,764 | ---- | M] () -- C:\Users\Owner\Desktop\wordview - Shortcut.lnk
[2013/11/25 19:17:34 | 000,002,717 | ---- | M] () -- C:\Users\Owner\Documents\social sec.rtf
[2013/11/24 21:56:32 | 000,002,638 | ---- | M] () -- C:\Users\Owner\Documents\AaA.rtf
[2013/11/19 23:15:45 | 000,004,215 | ---- | M] () -- C:\Users\Owner\Documents\ralph.rtf
[2013/11/19 02:37:46 | 000,000,472 | ---- | M] () -- C:\Users\Owner\Documents\Menstruation.rtf
[2013/11/17 15:12:02 | 000,023,295 | ---- | M] () -- C:\Users\Owner\Documents\WISH LIST.rtf
[2013/11/16 18:21:04 | 000,009,749 | ---- | M] () -- C:\Users\Owner\Documents\a.rtf
[2013/11/12 16:38:52 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 16:38:51 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/12 16:08:28 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013/11/12 15:48:35 | 000,000,079 | ---- | M] () -- C:\Windows\WinInit.Ini
[2013/11/11 11:43:32 | 000,005,301 | ---- | M] () -- C:\Users\Owner\Documents\Hair Products to get.rtf
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/12/08 23:18:11 | 038,726,675 | ---- | C] () -- C:\Users\Owner\Desktop\EFT.flv
[2013/12/05 21:57:03 | 000,012,975 | ---- | C] () -- C:\Users\Owner\Documents\watch online.rtf
[2013/12/02 16:25:13 | 000,000,384 | ---- | C] () -- C:\Users\Owner\Documents\MArcus wages.rtf
[2013/12/01 04:35:06 | 003,654,136 | ---- | C] () -- C:\Users\Owner\Desktop\Psalm 91.flv
[2013/12/01 04:26:37 | 006,678,730 | ---- | C] () -- C:\Users\Owner\Desktop\Novena Saint Jospeh.flv
[2013/11/25 22:32:17 | 000,001,764 | ---- | C] () -- C:\Users\Owner\Desktop\wordview - Shortcut.lnk
[2013/11/25 22:26:48 | 000,002,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/11/25 19:48:38 | 000,001,788 | ---- | C] () -- C:\Users\Owner\Documents\Marcus cover letter2.rtf
[2013/11/24 21:26:03 | 000,002,638 | ---- | C] () -- C:\Users\Owner\Documents\AaA.rtf
[2013/11/14 21:02:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/11/12 16:17:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 16:17:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2013/11/07 09:26:10 | 000,000,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2013/11/07 09:20:49 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2013/10/02 16:16:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/26 11:14:34 | 000,006,169 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/06/22 19:58:01 | 000,000,114 | -H-- | C] () -- C:\Users\Owner\AppData\Local\tokdet56.dat
[2013/05/18 23:01:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/05/18 23:01:40 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/04/27 12:58:00 | 000,000,079 | ---- | C] () -- C:\Windows\WinInit.Ini
[2013/04/19 22:43:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2013/04/19 22:36:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2013/04/19 22:36:49 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2013/04/19 22:36:49 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2013/04/19 22:35:55 | 001,077,248 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2013/04/19 22:35:55 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2013/04/19 22:35:55 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2013/03/19 19:58:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
[2013/01/19 01:52:09 | 000,000,022 | ---- | C] () -- C:\Users\Owner\AppData\Local\xftredahs.dat
[2011/08/20 21:57:13 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2010/01/26 13:22:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/12/13 13:59:46 | 000,000,560 | ---- | C] () -- C:\ProgramData\lxdf
[2007/10/14 18:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 01:04:24 | 000,000,682 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2006/11/02 04:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2008/12/13 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\6500 Series
[2008/12/13 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lexmark Productivity Studio
[2013/06/28 05:35:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2007/10/11 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 347878 bytes -> C:\Users\Owner\AppData\Roaming\desktop.ini:init
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
OTL EXTRAS
OTL Extras logfile created on: 12/10/2013 6:15:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.43 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 33.98% Memory free
3.12 Gb Paging File | 2.11 Gb Available in Paging File | 67.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 20.66 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.62% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system |
"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system |
"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system |
"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system |
"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA01E9-DCE9-49A8-B7ED-DA47DAF76B6B}" = protocol=6 | dir=in | app=c:\program files\lexmark\status center\lmsmc.exe |
"{07885F0E-9ED4-4E04-9E74-02CD1FEF4CF0}" = protocol=17 | dir=in | app=c:\program files\lexmark\status center\lmsmc.exe |
"{12D28B69-6529-4FE2-BC3B-9B24337B29BA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdftime.exe |
"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | [email protected],-28546 |
"{151131AC-168A-4232-9DD8-8CD0C3447298}" = protocol=17 | dir=in | app=c:\program files\lexmark\psu\lmpsu.exe |
"{1CF315ED-8986-49CE-9893-96579A5B6F4D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{1DA6627D-ECF2-4734-9165-4AA2DC62D8F4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfpswx.exe |
"{20DBD894-E623-4417-AE7D-0C3B22B063A8}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfjswx.exe |
"{2667B39B-8337-48E5-901A-6D7FF5D32AE5}" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmabscw.dll |
"{2841EB6B-A46E-469C-BD60-1D3F73608D6F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfpswx.exe |
"{39DD502B-A790-44B4-977B-347CDD81477F}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdfamon.exe |
"{45A74E42-1D05-4E24-AC80-12FEE9B9272D}" = protocol=17 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32__bc.dll |
"{49919916-2E75-4A1B-A12D-C0B02B5155AD}" = protocol=6 | dir=in | app=c:\program files\lexmark\psu\lmpsu.exe |
"{509DD2D9-6892-4EEE-9B6F-885B867AACAA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{520BDFEB-9C0F-44A1-BE41-B869A1FD9B88}" = protocol=6 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32__bc.dll |
"{577127DA-6C05-4C6B-8114-FABDAEB9237B}" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"{577D8142-2C28-4698-B875-DBB5AD4300C5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{67368528-39B4-4A91-B5C9-FD01940B0BC2}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdffax.exe |
"{690D656D-B83A-473C-8CCC-1304A7652C5C}" = protocol=6 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32serv.dll |
"{6A7803E5-4B62-494A-932A-5C4273DAF7AC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | [email protected],-28544 |
"{7AB1FAE7-8B87-437C-B0A9-5A8374EBF777}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | [email protected],-28545 |
"{8B11D1FF-7EF6-4BCE-AC05-438F335F9DFC}" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"{9DF9341D-90B0-4166-BC74-2694B094A5FF}" = protocol=17 | dir=in | app=c:\windows\twain_32\lexmark\networktwain\lexnetworkds.ds |
"{9F711964-2E83-4C6B-92EB-DDFA7262E8FC}" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmadilscn.exe |
"{A0FA1305-C834-4570-815A-7C929B8E3837}" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\frun.exe |
"{A2608910-52B6-4DB3-AEBF-BC20C68B97CE}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{A2FA9C88-B3FF-4874-A1C6-94EE083F5348}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A4DBE28E-0F3F-4677-9B5F-5AB29AC1F59C}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdffax.exe |
"{A5C0E5DF-6FF0-48A4-9E74-0FB4F620F8D6}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\frun.exe |
"{AA21B955-BD73-4644-A54C-E8B39502B117}" = protocol=17 | dir=in | app=c:\program files\lexmark\wirelesssetup\lmwpss.exe |
"{AEC6E3BE-CF56-449B-8A1F-6C938C819838}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdfjswx.exe |
"{B0C1420B-D56E-4F0C-85C9-0411423EFF38}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdftime.exe |
"{BE12B337-9137-4D1A-84C3-C2A57E8E31D4}" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmadilscn.exe |
"{BE295BAC-23B6-4EC8-BF6F-37356E97FE98}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C24CBE1E-8C44-42EC-BF24-886868853584}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"{C24CD31C-B8EA-439B-86F6-E5592D0AE2DB}" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdfamon.exe |
"{CE397E70-5250-4EB9-838A-0516FC90DA93}" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{D104F9CD-BA95-4726-BA42-F629C9157E47}" = protocol=6 | dir=in | app=c:\program files\lexmark\wirelesssetup\lmwpss.exe |
"{D4A59D00-6092-4412-801E-DF8C63791EEA}" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmabscw.dll |
"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | [email protected],-28543 |
"{DC4925AB-EBB3-430F-8254-8A6EE825F1C9}" = protocol=6 | dir=in | app=c:\windows\twain_32\lexmark\networktwain\lexnetworkds.ds |
"{E1F4796D-E780-4397-A313-846DC61451D0}" = protocol=17 | dir=in | app=c:\program files\lexmark\networktwain\lextwprotocol.dll |
"{EDEFE32C-5FA7-4DAD-94B8-7B5B131A56FD}" = protocol=6 | dir=in | app=c:\program files\lexmark\networktwain\lextwprotocol.dll |
"{FC5DA010-742D-4C0A-B24C-D36AD08170E4}" = protocol=17 | dir=in | app=c:\program files\lexmark\networktwain\lmzzz_32serv.dll |
"TCP Query User{0D7A71CA-8A9E-48F0-8F93-892537A49B70}C:\program files\lexmark 6500 series\lxdfmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"TCP Query User{16A40DBD-722D-4635-AE0E-58DDA4F435AA}C:\program files\lexmark pro710 series\lmadimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"TCP Query User{1EAFEEBE-38C8-471E-915F-E9EC610479AB}C:\windows\system32\lxdfcoms.exe" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"TCP Query User{F9DB4E3E-AA91-45A3-8795-5FD2767886DA}C:\kav\kav7\setup.exe" = protocol=6 | dir=in | app=c:\kav\kav7\setup.exe |
"UDP Query User{1280E033-09EA-4E84-BE96-18E186625F54}C:\program files\lexmark 6500 series\lxdfmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 6500 series\lxdfmon.exe |
"UDP Query User{157C5482-8175-47F3-992A-C849ED8DA219}C:\program files\lexmark pro710 series\lmadimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark pro710 series\lmadimon.exe |
"UDP Query User{19E4C820-9C74-405E-8AAB-0F06C7589BA6}C:\windows\system32\lxdfcoms.exe" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"UDP Query User{E8EC4CE2-8951-48FB-B05A-7802C676C73C}C:\kav\kav7\setup.exe" = protocol=17 | dir=in | app=c:\kav\kav7\setup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91566393-AD20-4B92-A81B-B17F31527DD4}" = My Defragmenter
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FLV Player" = FLV Player 2.0 (build 25)
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Lexmark Pro710 Series" = Lexmark Pro710 Series Uninstaller
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/10/2013 10:38:01 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/10/2013 10:38:01 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/10/2013 10:38:02 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/10/2013 10:38:02 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/10/2013 10:38:02 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/10/2013 10:38:02 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/10/2013 10:38:07 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/10/2013 10:38:07 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/10/2013 10:38:12 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/10/2013 10:38:12 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 9/3/2008 10:51:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 10:51:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 10:53:08 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 9/3/2008 11:05:30 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7043
Description =
Error - 9/3/2008 11:06:13 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 11:06:13 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 11:07:30 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 9/3/2008 11:11:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7043
Description =
Error - 9/3/2008 11:12:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.
Error - 9/3/2008 11:12:28 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.
< End of report >
Edited by mango_nj, 11 December 2013 - 12:23 AM.