Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer shutting down by itself [Closed] [Solved]

Started by ckb0118 , Apr 13 2014 09:24 AM

  • This topic is locked This topic is locked

#1
ckb0118
Posted 13 April 2014 - 09:24 AM

ckb0118

    Member

  • Member
  • PipPip
  • 75 posts

Hello, I am helping my mom with her computer.  She has Windows Vista, an HP desktop w1907.  I think I posted a year and a half ago and had to replace a bad hard drive. 

For the past month, my mom has occasionally experienced the computer shutting down by itself.  It seems it most often happens when whatching online videos. 

AVG waqs installed on the computer but was expiring.  I first installed Malwarebytes and it did find somethings. I then restored to an earlier restore point, which seemed to help.  Then I uninstalled AVG and installed the free Avira. 

She is still experiencing the shutdown, noticablly when watching clips online.

 

I have attached the Blue Screen I experienced when trying to play something.  

 

I have tried several times to run OTL, but I keep getting the same Not resopnding message as soon as I start it. 

 

Thank you in advance for your help!

 

photo.JPG

 

 

Attached Thumbnails

  • Capture.JPG

  • 0

Advertisements

#2
Valinorum
Posted 13 April 2014 - 10:17 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Leave OTL.exe as it is for about thirty minutes or more. If it still does not response, report me and I will suggest you an alternative.
  • 0

#3
ckb0118
Posted 13 April 2014 - 10:20 AM

ckb0118

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Ok, I will, thank you. 

 

I did a windows memory test and these 2 text were on my desktop when I restarted. I think I had left the OTL up?

 

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
 
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
 

  • 0

#4
Valinorum
Posted 13 April 2014 - 12:36 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Let's see the OTL log first. :)
  • 0

#5
ckb0118
Posted 13 April 2014 - 01:24 PM

ckb0118

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

When I came back to my computer, it had shut itself off and just had a blank screen.  I looked for a OLT text file, but it did not create one.  I did however come across one that I attemped to create 2 weeks ago.  It also created and Extras file.  Here it is and in the mean time I will try again. 

 

 

OTL logfile created on: 3/30/2014 2:01:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 76.21% Memory free
5.95 Gb Paging File | 5.44 Gb Available in Paging File | 91.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 761.54 Gb Free Space | 81.75% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/30 14:00:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.com
PRC - [2014/03/30 13:47:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2014/02/15 09:51:37 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 09:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/15 09:51:36 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/03/11 15:03:08 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 09:51:36 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/15 20:39:44 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/26 16:29:16 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/02 20:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/27 17:01:58 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 17:01:58 | 000,175,176 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/27 17:01:57 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/04 19:07:44 | 000,069,224 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/02 16:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 16:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 22:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-001BB985060E}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 A7 2B F2 F4 CC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-001BB985060E}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B65030561-c150-4370-836c-7c9d04f7a1b4%7D:0.1
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.3.20140326060057
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/16 16:50:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/07/02 18:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/03/28 12:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions
[2014/03/28 12:06:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/10 07:41:40 | 000,037,883 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{65030561-c150-4370-836c-7c9d04f7a1b4}.xpi
[2014/02/25 20:33:26 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/02 18:09:47 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/07/02 18:09:22 | 000,001,793 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\searchplugins\Bing.xml
[2013/07/03 11:19:08 | 000,001,720 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\searchplugins\sweetim.xml
[2014/02/15 09:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/02/15 09:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 09:51:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/30 14:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2014/03/30 14:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/03/30 14:39:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC5BDC7-4C3E-401D-A070-D4F72819CBD3}: DhcpNameServer = 192.168.254.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\beach2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\beach2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/17 16:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/17 16:15:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/03/17 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/13 03:03:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/13 03:03:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/13 03:03:19 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/13 03:03:18 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/13 03:03:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/13 03:03:16 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/13 03:03:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/03/13 03:03:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/12 06:19:29 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/12 06:19:28 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/12 06:19:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/03/12 06:19:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/03/07 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2014/03/07 17:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/30 13:46:46 | 002,436,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/30 13:46:46 | 000,741,884 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/30 13:42:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/30 13:37:01 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 13:37:01 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 13:37:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 13:36:50 | 238,371,882 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/30 13:32:53 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2014/03/25 16:35:50 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/25 16:35:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/17 16:15:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/13 09:06:20 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/13 09:06:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2014/03/13 09:02:06 | 000,270,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/11 15:03:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/11 15:03:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/07 17:23:34 | 000,001,111 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2014/03/07 17:20:17 | 000,062,684 | ---- | M] () -- C:\Users\Owner\Documents\tag.jpg
 
========== Files Created - No Company Name ==========
 
[2014/03/17 16:15:56 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/07 17:23:34 | 000,001,111 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2014/03/07 17:15:08 | 000,062,684 | ---- | C] () -- C:\Users\Owner\Documents\tag.jpg
[2013/07/02 18:05:05 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/27 17:02:01 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 16:50:46 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 16:50:45 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/04/25 19:44:50 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/25 19:44:50 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/25 18:39:20 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2013/03/25 10:09:07 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/03/14 03:04:37 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/12/16 18:39:25 | 000,122,798 | ---- | C] () -- C:\Windows\hpoins14.dat
[2012/12/16 18:39:25 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2012/12/03 21:43:08 | 000,006,656 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 09:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 09:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
 
 
 
And the extras:
 

OTL logfile created on: 3/30/2014 2:01:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 76.21% Memory free
5.95 Gb Paging File | 5.44 Gb Available in Paging File | 91.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 761.54 Gb Free Space | 81.75% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/30 14:00:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.com
PRC - [2014/03/30 13:47:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2014/02/15 09:51:37 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 09:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/15 09:51:36 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/03/11 15:03:08 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 09:51:36 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/15 20:39:44 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/26 16:29:16 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/02 20:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/27 17:01:58 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 17:01:58 | 000,175,176 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/27 17:01:57 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/04 19:07:44 | 000,069,224 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/02 16:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 16:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 22:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-001BB985060E}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 A7 2B F2 F4 CC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-001BB985060E}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B65030561-c150-4370-836c-7c9d04f7a1b4%7D:0.1
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.3.20140326060057
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/16 16:50:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/07/02 18:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/03/28 12:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions
[2014/03/28 12:06:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/10 07:41:40 | 000,037,883 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{65030561-c150-4370-836c-7c9d04f7a1b4}.xpi
[2014/02/25 20:33:26 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/02 18:09:47 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/07/02 18:09:22 | 000,001,793 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\searchplugins\Bing.xml
[2013/07/03 11:19:08 | 000,001,720 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\searchplugins\sweetim.xml
[2014/02/15 09:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/02/15 09:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 09:51:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/30 14:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2014/03/30 14:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/03/30 14:39:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC5BDC7-4C3E-401D-A070-D4F72819CBD3}: DhcpNameServer = 192.168.254.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\beach2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\beach2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/17 16:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/17 16:15:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/03/17 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/13 03:03:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/13 03:03:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/13 03:03:19 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/13 03:03:18 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/13 03:03:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/13 03:03:16 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/13 03:03:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/03/13 03:03:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/12 06:19:29 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/12 06:19:28 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/12 06:19:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/03/12 06:19:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/03/07 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2014/03/07 17:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/30 13:46:46 | 002,436,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/30 13:46:46 | 000,741,884 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/30 13:42:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/30 13:37:01 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 13:37:01 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 13:37:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 13:36:50 | 238,371,882 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/30 13:32:53 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2014/03/25 16:35:50 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/25 16:35:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/17 16:15:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/13 09:06:20 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/13 09:06:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2014/03/13 09:02:06 | 000,270,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/11 15:03:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/11 15:03:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/07 17:23:34 | 000,001,111 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2014/03/07 17:20:17 | 000,062,684 | ---- | M] () -- C:\Users\Owner\Documents\tag.jpg
 
========== Files Created - No Company Name ==========
 
[2014/03/17 16:15:56 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/07 17:23:34 | 000,001,111 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2014/03/07 17:15:08 | 000,062,684 | ---- | C] () -- C:\Users\Owner\Documents\tag.jpg
[2013/07/02 18:05:05 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/27 17:02:01 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 16:50:46 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 16:50:45 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/04/25 19:44:50 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/25 19:44:50 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/25 18:39:20 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2013/03/25 10:09:07 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/03/14 03:04:37 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/12/16 18:39:25 | 000,122,798 | ---- | C] () -- C:\Windows\hpoins14.dat
[2012/12/16 18:39:25 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2012/12/03 21:43:08 | 000,006,656 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 09:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 09:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
 

  • 0

#6
ckb0118
Posted 13 April 2014 - 04:55 PM

ckb0118

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
OTL logfile created on: 4/13/2014 3:33:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 66.68% Memory free
5.98 Gb Paging File | 4.84 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 755.86 Gb Free Space | 81.14% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/13 11:03:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2014/03/30 17:08:26 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/25 17:07:22 | 000,173,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/03/25 17:07:20 | 000,121,424 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/02/25 11:41:37 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/02/25 11:41:34 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014/02/25 11:41:25 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/02/25 11:41:24 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/01/15 20:40:24 | 000,277,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/14 16:45:20 | 000,924,040 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/06/14 16:44:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
PRC - [2013/06/14 16:43:52 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2013/06/13 21:00:38 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
PRC - [2013/06/09 19:55:00 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/01/31 05:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 05:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2009/04/11 09:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/31 03:32:17 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/03/31 03:32:09 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/03/31 03:31:14 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/03/31 03:31:03 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2014/03/31 03:15:54 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014/03/31 03:15:48 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a95ac0b02617b9dadbc5f625586b2aac\System.ServiceModel.ni.dll
MOD - [2014/03/31 03:15:27 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll
MOD - [2014/03/31 03:15:24 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6769297ceb522c4fe6de2c5e3575812d\System.IdentityModel.ni.dll
MOD - [2014/03/31 03:13:45 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\360603d8efa82557e7fce70287cb242e\WindowsFormsIntegration.ni.dll
MOD - [2014/03/31 03:12:50 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\cd626ecab8e1657628451408aba720cd\System.Runtime.DurableInstancing.ni.dll
MOD - [2014/03/31 03:12:50 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll
MOD - [2014/03/31 03:12:49 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\88aec4231adca9f5a4226c83911c4dad\SMDiagnostics.ni.dll
MOD - [2014/03/31 03:12:48 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\be0a1bb51a0d8fb41140c8111ed56d19\System.Runtime.Serialization.ni.dll
MOD - [2014/03/31 03:12:45 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll
MOD - [2014/03/31 03:10:17 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2c4f9ef6baacb578ab136a5b30ada098\System.Data.ni.dll
MOD - [2014/03/31 03:10:11 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\880358291baf3043e07b2a7c2f401c85\PresentationFramework.ni.dll
MOD - [2014/03/31 03:10:09 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014/03/31 03:10:05 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014/03/31 03:10:03 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4bfb0decf7cfe076020f64ee6dd007cc\PresentationFramework.Aero.ni.dll
MOD - [2014/03/31 03:10:02 | 002,557,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\5f86730ab77a0ebb5ea8411dcc1753b7\System.Data.Linq.ni.dll
MOD - [2014/03/31 03:09:59 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\354a5906fd46f4374f86916debf3ebcb\System.Core.ni.dll
MOD - [2014/03/31 03:09:55 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\db591e35967527b7b864124303dea13a\PresentationCore.ni.dll
MOD - [2014/03/31 03:09:51 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll
MOD - [2014/03/31 03:09:44 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dc74ab189aa9b156581a7228866d3330\WindowsBase.ni.dll
MOD - [2014/03/31 03:09:42 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
MOD - [2014/03/31 03:09:40 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014/03/31 03:09:35 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\8fa7f2d6cc4122c7102a02586074a183\System.Numerics.ni.dll
MOD - [2014/03/31 03:09:33 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2014/03/25 17:07:18 | 000,137,808 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/03/25 17:07:16 | 000,049,744 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2014/03/30 18:04:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/25 17:07:20 | 000,121,424 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/03/15 04:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/25 11:41:37 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/02/25 11:41:34 | 001,017,424 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014/02/25 11:41:25 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/01/15 20:39:44 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/02/25 11:41:37 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2014/02/25 11:41:28 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2014/02/25 11:41:26 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014/02/25 11:41:24 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/06/04 19:07:44 | 000,069,224 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/02 16:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 16:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 22:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-001BB985060E}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 A7 2B F2 F4 CC CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-001BB985060E}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B65030561-c150-4370-836c-7c9d04f7a1b4%7D:0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/07/02 18:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/04/10 11:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions
[2014/03/28 12:06:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(88)
[2014/04/10 11:00:17 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\[email protected]
[2013/04/10 07:41:40 | 000,037,883 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{65030561-c150-4370-836c-7c9d04f7a1b4}.xpi
[2014/02/25 20:33:26 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/02 18:09:47 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2014/03/30 19:10:36 | 000,000,971 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\searchplugins\avira-safesearch.xml
[2013/07/02 18:09:22 | 000,001,793 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\searchplugins\Bing.xml
[2013/07/03 11:19:08 | 000,001,720 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\searchplugins\sweetim.xml
[2014/04/13 12:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/13 12:20:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Redirector] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC5BDC7-4C3E-401D-A070-D4F72819CBD3}: DhcpNameServer = 192.168.254.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\beach2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\beach2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/13 12:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/03/30 19:48:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
[2014/03/30 19:35:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2014/03/30 19:35:30 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2014/03/30 19:35:30 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2014/03/30 19:35:30 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2014/03/30 19:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/03/30 19:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/03/30 19:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/03/30 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2014/03/30 19:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014/03/30 19:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2014/03/30 19:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014/03/30 19:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/03/30 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/03/30 17:21:12 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/03/30 17:21:12 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/03/30 17:21:12 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/03/30 17:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/03/30 17:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/30 17:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/03/30 17:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/03/30 14:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(29)
[2014/03/17 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/13 16:02:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/13 15:20:25 | 002,228,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/13 15:20:25 | 000,667,008 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/13 15:15:53 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/13 15:15:53 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/13 15:15:52 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf4c61d1568f39.job
[2014/04/13 15:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/13 15:15:41 | 3083,304,960 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/13 15:15:39 | 209,195,042 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/13 12:20:35 | 000,000,870 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/13 12:20:29 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/13 12:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/31 03:29:01 | 000,270,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/30 19:30:54 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/03/30 19:09:18 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/03/30 17:56:40 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/03/30 17:55:51 | 000,001,995 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/30 17:53:34 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2014/03/30 17:21:14 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/30 17:13:08 | 000,055,296 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2014/03/30 17:12:52 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/03/30 17:06:37 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/03/30 17:06:37 | 000,001,919 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/13 12:20:35 | 000,000,870 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/13 12:20:29 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/13 12:20:29 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/30 19:30:54 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/03/30 19:09:18 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/03/30 18:05:22 | 3083,304,960 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/30 17:48:42 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf4c61d1568f39.job
[2014/03/30 17:21:14 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/30 17:12:52 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/02 18:05:05 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/27 17:02:01 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 16:50:46 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 16:50:45 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/04/25 18:39:20 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2013/03/25 10:09:07 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/03/14 03:04:37 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/12/16 18:39:25 | 000,122,798 | ---- | C] () -- C:\Windows\hpoins14.dat
[2012/12/16 18:39:25 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2012/12/03 21:43:08 | 000,006,656 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 09:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 09:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/07/14 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
[2012/12/16 18:55:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

#7
ckb0118
Posted 13 April 2014 - 04:55 PM

ckb0118

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Ok above is the new one, glad it worked! Thanks!
  • 0

#8
Valinorum
Posted 14 April 2014 - 06:42 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Post the Extras.txt log located in C:\Users\Owner\Downloads.
  • 0

#9
ckb0118
Posted 14 April 2014 - 08:04 AM

ckb0118

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Here you go.  The computer shut down twice while trying to post this.. nothing else open.  Had to run safe mode.

Thanks!

 

 

 

OTL Extras logfile created on: 4/13/2014 3:33:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 66.68% Memory free
5.98 Gb Paging File | 4.84 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 755.86 Gb Free Space | 81.14% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C5138FD-8098-4A78-B4BD-FC13D040D83E}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{8775E95D-5815-4793-972A-8449A44C828C}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1ACBB829-E7DE-4110-833C-4CC20B988995}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{284255A8-02D7-458E-95EC-B29A68C65519}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B028EBD-8938-4922-A6A2-79A14CDA6A80}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2E30E23A-87F8-4976-87A9-A9F30167ACCC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{51A976CF-0C3F-47D4-B854-D5DCA569BAE8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{5BEE1C97-2A8E-4579-8760-2BA02669D64E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5DD3E570-93F9-4731-81C6-02814C20D2FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{81D18094-31E7-44E7-975A-7AC87B485DDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A909B04E-9500-4A4D-B92B-47D296DFF994}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{AA8E01D0-C39F-4406-960B-52C733460ACB}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E3AB7A12-61FD-4006-B1D9-96F437BFECDD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1606C5A0-DCD7-4543-A185-FAAD210E5284}" = Citrix Receiver(Aero)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6D7195-3B74-46AF-9BD1-49EBECD0A455}" = Citrix Receiver(DV)
"{42D65288-92F3-4AD6-892C-DFEE475F69A9}" = Citrix Receiver Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes
"{6BDC0D7C-9E42-4667-8FA9-2F26A2FEF4D0}" = Citrix Receiver(USB)
"{6C487153-A286-48F7-BE55-717552E90E20}" = Self-service Plug-in
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8f29d204-f85e-4d8d-87b0-7ba66bffc1aa}" = Avira
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A0FE2C0-7A7E-444E-8BD4-087178A91865}" = Online Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D46F9B7B-24C6-410F-A995-A2D4E541B610}" = TurboTax 2012 wnciper
"{D67AEDE1-BCCF-4C5D-BF4F-A08FE92075B7}" = Citrix Receiver Inside
"{DB1C49C7-AC32-4785-A281-774744FC78F5}" = Citrix Authentication Manager
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC94A726-7636-4693-9627-D8A8B44793EE}" = Citrix Receiver (HDX Flash Redirection)
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F52985D7-E765-457F-9C00-83D463690F73}" = Avira
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"QuitKeeper" = Quit Keeper
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TurboTax 2012" = TurboTax 2012
"Yahoo! Software Update" = Yahoo! Software Update
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/13/2014 11:06:22 AM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 4/13/2014 11:06:22 AM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 4/13/2014 11:58:07 AM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 4/13/2014 11:58:07 AM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 4/13/2014 12:06:13 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process
ID: 1308  Start Time: 01cf5731d481b562  Termination Time: 7
 
Error - 4/13/2014 12:16:00 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program OTL (1).exe version 3.2.69.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 1658  Start Time: 01cf57330f6985d2  Termination Time: 7
 
Error - 4/13/2014 3:20:22 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 4/13/2014 3:20:22 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 4/13/2014 3:20:42 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process
ID: c64  Start Time: 01cf574d41584bd4  Termination Time: 15
 
Error - 4/13/2014 3:33:19 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process
ID: 2cc  Start Time: 01cf574f0e60c574  Termination Time: 0
 
[ System Events ]
Error - 7/11/2013 3:09:09 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 7/11/2013 3:09:09 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 7/14/2013 4:38:33 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:36:34 PM on 7/14/2013 was unexpected.
 
Error - 7/17/2013 4:47:32 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.254.3 on
 the Network Card with network address 001BB985060E.
 
Error - 7/19/2013 4:09:21 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:18:17 PM on 7/19/2013 was unexpected.
 
Error - 7/24/2013 1:23:45 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =
 
Error - 7/31/2013 3:51:25 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.254.3 on
 the Network Card with network address 001BB985060E.
 
Error - 7/31/2013 5:11:47 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:10:22 PM on 7/31/2013 was unexpected.
 
Error - 8/3/2013 4:59:14 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =
 
Error - 8/11/2013 7:32:59 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 


  • 0

#10
Valinorum
Posted 14 April 2014 - 08:47 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi ckb0118, :)
  • Step #1 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]
      :OTL
      SRV - [2014/01/15 20:39:44 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
      IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-001BB985060E}
      IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-001BB985060E}
      FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
      CHR - Extension: McAfee Security Scan+ = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
      O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
      O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
      O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      [2014/03/30 17:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
      [2014/03/30 17:06:37 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      [2014/03/30 17:06:37 | 000,001,919 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
      [2012/12/16 18:55:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

      :Commands
      [emptytemp]
      [resethosts]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Step #2 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #3 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
    • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • OTL Fix Log;
    • AdwCleaner Log;
    • Junkware Removal Tool Log
Regards,
Valinorum
  • 0

Advertisements

#11
ckb0118
Posted 15 April 2014 - 04:29 PM

ckb0118

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Error: No service named McComponentHostService was found to stop!
Service\Driver key McComponentHostService not found.
File C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin\ not found.
File C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll not found.
File C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
File C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\accounts\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
Folder C:\Program Files\McAfee Security Scan\ not found.
File C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk not found.
File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
Folder C:\Users\Owner\AppData\Roaming\TuneUp Software\ not found.
Unable to delete ADS C:\ProgramData\TEMP:5C321E34 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 4008161285 bytes
->Temporary Internet Files folder emptied: 574947017 bytes
->FireFox cache emptied: 32395273 bytes
->Google Chrome cache emptied: 7160211 bytes
->Flash cache emptied: 170097 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1637925872 bytes
RecycleBin emptied: 17292480 bytes
 
Total Files Cleaned = 5,987.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04142014_182524

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#12
ckb0118
Posted 15 April 2014 - 04:30 PM

ckb0118

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

# AdwCleaner v3.023 - Report created 15/04/2014 at 06:35:56
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\MyPC Backup
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\searchplugins\SweetIm.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5tav303s.default\prefs.js ]

Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Line Deleted : user_pref("extensions.helperbar.installationid", "52db0407-f060-4db6-aa4d-638516133a69");
Line Deleted : user_pref("extensions.helperbar.installdate", "02/07/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");
Line Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\[...]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3400 octets] - [14/04/2014 18:53:14]
AdwCleaner[S0].txt - [3381 octets] - [15/04/2014 06:35:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3441 octets] ##########
 


  • 0

#13
ckb0118
Posted 15 April 2014 - 04:37 PM

ckb0118

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Owner on Tue 04/15/2014 at 18:34:56.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1245287835-1319149822-832245991-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\wiseconvert"



~~~ FireFox

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\5tav303s.default\minidumps [126 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/15/2014 at 18:37:09.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#14
Valinorum
Posted 15 April 2014 - 09:38 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Did you run the fixes from Normal mode or Safe mode? How is the system running?
  • 0

#15
ckb0118
Posted 16 April 2014 - 04:23 PM

ckb0118

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Oops, I did OTL in safe mode because it kept shutting down. I forgot to tell you that, sorry. Yesterday everything was fine and this morning the computer shut down twice. So we turned it off again. Let me know what to do next. Thanks!!!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP