
1 threat found and 15 malware items detected



#1
puthu

Hello wonderful people at Geeks to Go,

How are you all? I have got help from you twice in the past and I am a returning client. I guess that says it all, how wonderful you all are. Thank you, thank you, thank you for your amazing support and the service that you all are doing, sparing time for such a wonderful website. I can't thank you enough. As the subject on top suggests, my Kaspersky antivirus software just expired a couple of days back and I was trying to renew it, but my laptop computer wouldn't allow me to renew the license. I do not know the nature of this reason but it simply wouldn't help me renew. So I do not have any antivirus software on my laptop, which means I have to type this message and close it immediately because I could be susceptible to various threats on the web right now, just as we speak. I am pasting the OTL log below. Also, I do not know what the best antivirus software in the market is right now. Can you please suggest what I should buy to protect my computer from internet threats? I use Facebook a lot, so I don't know what is right for me. Please, please suggest. The message I got above was when my Kaspersky expired; that software showed this message. That's all I know, but my computer is working fine as far as I know. My message to you is out of my apprehension that I might have malware or a threat, so I am in no hurry, but I would like to be safe and take precautions. Please, please help... I am pasting the OTL log now:

 

OTL logfile created on: 19/09/2014 11:41:51 AM - Run 9
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Allen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 47.41% Memory free
6.91 Gb Paging File | 5.14 Gb Available in Paging File | 74.41% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 154.92 Gb Free Space | 66.52% Space Free | Partition Type: NTFS
 
Computer Name: ALLEN-PC | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/19 11:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
PRC - [2014/09/09 22:08:09 | 000,854,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
PRC - [2014/09/04 09:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/06 14:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013/08/27 18:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/03/22 09:11:44 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/17 22:39:33 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
PRC - [2008/05/02 01:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/03/24 22:37:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/01/20 23:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/20 23:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/09 22:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/07 21:25:14 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/07 20:51:46 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/01/03 05:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/03 05:55:48 | 000,521,776 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/20 15:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/12/20 15:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/19 22:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/27 22:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 19:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/10/01 20:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 17:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/07 16:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/06 17:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/09 00:48:26 | 000,053,248 | ---- | M] (Bison Inc.) -- C:\Windows\BR040286.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/11 12:10:39 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ecc6ea26e775933a1f05e79624ce82b5\System.Management.ni.dll
MOD - [2014/09/11 12:10:21 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7bd37ef6a36439ab4550386011d223fc\System.ServiceProcess.ni.dll
MOD - [2014/09/11 12:10:12 | 011,908,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e6b56aac0bf215d7796aefcd9abda0bd\System.Web.ni.dll
MOD - [2014/09/11 12:10:00 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\00ae7fa4e4351893a11a36a6712965af\System.Runtime.Remoting.ni.dll
MOD - [2014/09/11 12:09:49 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a701c4affbf06da91d3c666feed05c0e\System.Configuration.ni.dll
MOD - [2014/09/11 12:08:16 | 005,465,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\846057ebe7a3cb80edc3f73d35b4830a\System.Xml.ni.dll
MOD - [2014/09/11 12:07:54 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\33cd8a4969b01252189a6c1ca39ccb45\System.Windows.Forms.ni.dll
MOD - [2014/09/11 12:07:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e279c8265d76b7ca403c7ef9185ec04\System.Drawing.ni.dll
MOD - [2014/09/11 12:06:06 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0ab7bdcd7b8bdf70f983be2c324ea3b8\System.ni.dll
MOD - [2014/09/11 12:05:57 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2008/05/02 01:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/02 01:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/01/09 22:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008/01/09 22:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2008/01/03 06:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/12/20 17:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007/12/20 15:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007/12/19 22:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/12/19 22:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/12/19 22:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/12/19 22:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/09/20 18:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2007/09/11 13:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2003/06/07 18:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/09/09 22:08:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 09:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/06 14:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/08/27 18:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/01/20 23:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/03 05:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/20 15:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/19 22:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/27 22:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/10/01 20:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 17:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/07/31 22:31:52 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\5C245274.sys -- (MBAMSwissArmy)
DRV - [2009/09/05 18:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 23:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/11/30 19:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007/10/29 18:46:42 | 000,829,096 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/05/02 08:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 21:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{44B67AE4-AAB5-4F8C-BE74-8B97E51F920A}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...ms}&fr=chr-acer
IE - HKCU\..\SearchScopes\{E6F8E096-4836-47C0-8883-6A99317FB847}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Allen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Allen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
 
[2013/03/20 21:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions
[2013/03/20 21:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/02/04 07:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012/03/22 09:06:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [BisonInst0402] C:\Windows\BR040286.exe (Bison Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C7CE13-FD2A-4C69-A839-A7F82396DA33}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFF6B887-1F9F-42C1-9C3E-0E7E44A7B879}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/19 11:40:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2014/09/18 22:52:01 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{C6ED8AF9-26F0-45AF-81BF-BA1B08673CD0}
[2014/09/18 22:49:43 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2014/09/18 00:48:59 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{8047777C-0BF4-40BE-9E52-82B4684798FC}
[2014/09/18 00:08:45 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\MyTurboPC.com
[2014/09/18 00:08:45 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\DriverCure
[2014/09/18 00:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2014/09/17 21:33:52 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{8B8F0E82-55B0-4A30-A752-3D066E19EA1E}
[2014/09/16 20:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/09/16 20:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/09/16 19:58:42 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{C183F274-BF3E-44F7-A270-02ACAB6BFF6F}
[2014/09/13 08:36:48 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{C1855C2C-7537-45B1-A2FE-B30316852BF0}
[2014/09/11 12:21:03 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{84FA9168-1E29-4A75-88C0-A60FE59BD46E}
[2014/09/05 02:52:13 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{40EA7764-4DBB-4A2E-A6E1-43BB40996E35}
[2014/08/28 22:01:03 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{6A3182DE-43A8-4F6A-9F11-A590B9212899}
[2014/08/22 11:22:26 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{5BD43269-286A-46DB-94F9-2FDBF4D4A055}
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/19 11:42:30 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
[2014/09/19 11:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2014/09/19 11:25:20 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
[2014/09/19 11:25:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/19 11:25:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/18 22:48:39 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/18 22:48:38 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/17 23:36:13 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
[2014/09/17 07:11:15 | 005,430,442 | ---- | M] () -- C:\Users\Allen\Desktop\Landslide (Allen Rob Rough Version).mp3
[2014/09/16 20:24:00 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/16 13:44:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
[2014/09/16 10:04:33 | 000,005,922 | -HS- | M] () -- C:\Users\Allen\Desktop\Folder.jpg
[2014/09/16 10:04:33 | 000,001,943 | -HS- | M] () -- C:\Users\Allen\Desktop\AlbumArtSmall.jpg
[2014/09/15 18:10:42 | 005,606,104 | ---- | M] () -- C:\Users\Allen\Desktop\Landslide - Bush X.mp3
[2014/09/11 12:09:31 | 000,718,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/11 12:09:31 | 000,152,494 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/07 21:58:22 | 000,087,670 | ---- | M] () -- C:\Users\Allen\Desktop\minu3.jpg
[2014/09/07 21:57:56 | 000,060,355 | ---- | M] () -- C:\Users\Allen\Desktop\minu2.jpg
[2014/09/07 21:57:29 | 000,054,024 | ---- | M] () -- C:\Users\Allen\Desktop\minu1.jpg
[2014/09/03 19:42:15 | 000,046,238 | ---- | M] () -- C:\Users\Allen\Desktop\seema3.jpg
[2014/09/03 19:41:40 | 000,073,078 | ---- | M] () -- C:\Users\Allen\Desktop\seema2.jpg
[2014/09/03 19:41:06 | 000,071,060 | ---- | M] () -- C:\Users\Allen\Desktop\seema1.jpg
[2014/08/28 21:54:09 | 000,391,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/27 00:09:18 | 000,376,350 | ---- | M] () -- C:\Users\Allen\Desktop\10317682_10154205844215641_7300979278718627901_o.jpg
 
========== Files Created - No Company Name ==========
 
[2014/09/17 07:11:14 | 005,430,442 | ---- | C] () -- C:\Users\Allen\Desktop\Landslide (Allen Rob Rough Version).mp3
[2014/09/16 10:04:33 | 000,005,922 | -HS- | C] () -- C:\Users\Allen\Desktop\Folder.jpg
[2014/09/16 10:04:33 | 000,001,943 | -HS- | C] () -- C:\Users\Allen\Desktop\AlbumArtSmall.jpg
[2014/09/15 18:10:42 | 005,606,104 | ---- | C] () -- C:\Users\Allen\Desktop\Landslide - Bush X.mp3
[2014/09/07 21:58:22 | 000,087,670 | ---- | C] () -- C:\Users\Allen\Desktop\minu3.jpg
[2014/09/07 21:57:56 | 000,060,355 | ---- | C] () -- C:\Users\Allen\Desktop\minu2.jpg
[2014/09/07 21:57:29 | 000,054,024 | ---- | C] () -- C:\Users\Allen\Desktop\minu1.jpg
[2014/09/03 19:42:14 | 000,046,238 | ---- | C] () -- C:\Users\Allen\Desktop\seema3.jpg
[2014/09/03 19:41:39 | 000,073,078 | ---- | C] () -- C:\Users\Allen\Desktop\seema2.jpg
[2014/09/03 19:41:06 | 000,071,060 | ---- | C] () -- C:\Users\Allen\Desktop\seema1.jpg
[2014/08/27 00:09:17 | 000,376,350 | ---- | C] () -- C:\Users\Allen\Desktop\10317682_10154205844215641_7300979278718627901_o.jpg
[2014/04/10 19:11:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/26 22:24:08 | 001,136,459 | ---- | C] () -- C:\Users\Allen\12.wma
[2012/02/19 20:43:14 | 000,000,680 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps.dat
[2011/04/10 15:23:30 | 000,000,052 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\G1000Trainer_preferences.xml
[2011/04/10 15:23:29 | 000,006,733 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\G1000Trainer_student_record.xml
[2010/07/21 02:59:37 | 000,058,368 | ---- | C] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/11 23:23:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/20 20:06:04 | 000,000,314 | ---- | C] () -- C:\Users\Allen\Public - Shortcut.lnk
[2008/11/13 02:28:23 | 000,024,206 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\UserTile.png
[2008/10/08 04:32:48 | 000,000,301 | ---- | C] () -- C:\Users\Allen\Collision avoidance notes.rtf
 
========== ZeroAccess Check ==========
 
[2006/11/02 09:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 10:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/11 03:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/11 03:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008/09/17 21:04:49 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Acer
[2013/03/21 18:05:05 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\BHOK IT Consulting
[2014/09/18 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\DriverCure
[2008/11/02 03:02:48 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\EPSON
[2008/09/17 21:04:47 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Leadertech
[2014/09/18 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\MyTurboPC.com
[2008/10/15 03:25:34 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\OpenOffice.org
[2013/03/20 21:33:18 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\TomTom
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/05/14 20:05:47 | 000,133,640 | ---- | M] ()(C:\Windows\System32\?) -- C:\Windows\System32\੥
[2014/05/14 20:05:47 | 000,133,640 | ---- | C] ()(C:\Windows\System32\?) -- C:\Windows\System32\੥
[2014/04/09 13:56:14 | 007,307,264 | ---- | M] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2014/04/06 18:06:26 | 007,307,264 | ---- | C] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤

< End of report >




#2
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi,

My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do is make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.
Since you have reinstalled your antivirus we need to update your OTL scan and run an ASWmbr scan.


Step 1.

ASWmbr Scan

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Right click and select Run as Administrator on aswMBR.exe to run it

Click the "Scan" button to start scan

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection. When it offers to download the virus database allow that as well

On completion of the scan click Save Log, save it to your desktop and post in your next reply

The tool will also produce a copy of the mbrdump labeled MBR.dat. Please do not delete this file, it will be removed in our cleanup at the end.

Step 2.

Download OTL to your Desktop
  • Right click and select Run as administrator on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan All Users
  • Under Extra Registry select Use SafeList
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    services.*
    svchost.exe
    rpcss.*
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will not take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

#3
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Hi compcav,

 

Please find below everything you instructed me to do:

1) aswMBR.txt

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-23 12:13:14
-----------------------------
12:13:14.649    OS Version: Windows 6.0.6002 Service Pack 2
12:13:14.649    Number of processors: 2 586 0xF0D
12:13:14.659    ComputerName: ALLEN-PC  UserName: Allen
12:14:07.909    Initialize success
12:14:08.269    VM: initialized successfully
12:14:08.299    VM: Intel CPU virtualization not supported
12:16:09.183    AVAST engine defs: 14092300
12:16:17.264    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
12:16:17.264    Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC31P Size: 238475MB BusType: 3
12:16:17.483    Disk 0 MBR read successfully
12:16:17.483    Disk 0 MBR scan
12:16:17.498    Disk 0 Windows VISTA default MBR code
12:16:17.514    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238473 MB offset 2048
12:16:17.529    Disk 0 scanning sectors +488394752
12:16:17.607    Disk 0 scanning C:\Windows\system32\drivers
12:16:44.399    Service scanning
12:16:58.873    Service cm_km_w C:\Windows\system32\DRIVERS\cm_km_w.sys **LOCKED** 5
12:17:08.502    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
12:17:08.572    Service kldisk C:\Windows\system32\DRIVERS\kldisk.sys **LOCKED** 5
12:17:08.748    Service klflt C:\Windows\system32\DRIVERS\klflt.sys **LOCKED** 5
12:17:08.841    Service klhk C:\Windows\system32\DRIVERS\klhk.sys **LOCKED** 5
12:17:09.100    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
12:17:09.130    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
12:17:09.170    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
12:17:09.210    Service klpd C:\Windows\system32\DRIVERS\klpd.sys **LOCKED** 5
12:17:09.250    Service kltdf C:\Windows\system32\DRIVERS\kltdf.sys **LOCKED** 5
12:17:09.400    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
12:17:09.460    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
12:17:38.390    Modules scanning
12:18:38.729    Disk 0 trace - called modules:
12:18:38.745    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
12:18:38.745    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8cc4d620]
12:18:38.760    3 CLASSPNP.SYS[91ba48b3] -> nt!IofCallDriver -> [0x8c5c2870]
12:18:38.760    5 acpi.sys[9153c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8c58db98]
12:18:39.727    AVAST engine scan C:\Windows
12:18:54.915    AVAST engine scan C:\Windows\system32
12:25:29.168    AVAST engine scan C:\Windows\system32\drivers
12:25:50.976    AVAST engine scan C:\Users\Allen
12:34:35.224    AVAST engine scan C:\ProgramData
12:40:07.393    Scan finished successfully
12:41:30.351    Disk 0 MBR has been saved successfully to "C:\Users\Allen\Desktop\MBR.dat"
12:41:30.361    The log file has been saved successfully to "C:\Users\Allen\Desktop\aswMBR.txt"

It also created an MBR.dat file which is on my desktop

 

2) OTL.txt

OTL logfile created on: 23/09/2014 1:01:12 PM - Run 10
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Allen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 48.59% Memory free
6.91 Gb Paging File | 4.73 Gb Available in Paging File | 68.43% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 154.10 Gb Free Space | 66.17% Space Free | Partition Type: NTFS
 
Computer Name: ALLEN-PC | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/23 12:44:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
PRC - [2014/09/09 22:08:09 | 000,854,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
PRC - [2014/09/04 09:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/30 17:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
PRC - [2014/08/30 17:47:54 | 000,193,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
PRC - [2013/09/06 14:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013/08/27 18:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/03/22 09:11:44 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/17 22:39:33 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
PRC - [2008/05/02 01:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/03/24 22:37:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/01/20 23:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/09 22:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/07 21:25:14 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/07 20:51:46 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/01/03 05:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/03 05:55:48 | 000,521,776 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/20 15:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/12/20 15:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/19 22:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/27 22:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 19:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/10/01 20:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 17:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/07 16:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/06 17:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/09 00:48:26 | 000,053,248 | ---- | M] (Bison Inc.) -- C:\Windows\BR040286.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/11 12:10:39 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ecc6ea26e775933a1f05e79624ce82b5\System.Management.ni.dll
MOD - [2014/09/11 12:10:21 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7bd37ef6a36439ab4550386011d223fc\System.ServiceProcess.ni.dll
MOD - [2014/09/11 12:10:12 | 011,908,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e6b56aac0bf215d7796aefcd9abda0bd\System.Web.ni.dll
MOD - [2014/09/11 12:10:00 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\00ae7fa4e4351893a11a36a6712965af\System.Runtime.Remoting.ni.dll
MOD - [2014/09/11 12:09:49 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a701c4affbf06da91d3c666feed05c0e\System.Configuration.ni.dll
MOD - [2014/09/11 12:08:16 | 005,465,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\846057ebe7a3cb80edc3f73d35b4830a\System.Xml.ni.dll
MOD - [2014/09/11 12:07:54 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\33cd8a4969b01252189a6c1ca39ccb45\System.Windows.Forms.ni.dll
MOD - [2014/09/11 12:07:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e279c8265d76b7ca403c7ef9185ec04\System.Drawing.ni.dll
MOD - [2014/09/11 12:06:06 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0ab7bdcd7b8bdf70f983be2c324ea3b8\System.ni.dll
MOD - [2014/09/11 12:05:57 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2008/05/02 01:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/02 01:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/01/09 22:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008/01/09 22:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2008/01/03 06:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/12/20 17:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007/12/20 15:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007/12/19 22:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/12/19 22:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/12/19 22:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/12/19 22:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/09/20 18:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2007/09/11 13:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2003/06/07 18:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/09/09 22:08:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 09:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/30 17:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe -- (AVP15.0.1)
SRV - [2013/09/06 14:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/08/27 18:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/01/20 23:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/03 05:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/20 15:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/19 22:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/27 22:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/10/01 20:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 17:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Allen\AppData\Local\Temp\aswVmm.sys -- (aswVmm)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Allen\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2014/08/21 15:39:16 | 000,060,552 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdf.sys -- (kltdf)
DRV - [2014/08/20 18:04:48 | 000,673,800 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2014/08/18 14:43:14 | 000,119,816 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klflt.sys -- (klflt)
DRV - [2014/08/12 18:32:56 | 000,036,536 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klhk.sys -- (klhk)
DRV - [2014/07/31 22:31:52 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\5C245274.sys -- (MBAMSwissArmy)
DRV - [2014/07/09 16:23:54 | 000,146,240 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2014/07/02 16:10:34 | 000,036,928 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\kldisk.sys -- (kldisk)
DRV - [2014/06/05 19:02:10 | 000,044,992 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2014/03/31 11:47:08 | 000,143,968 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2014/03/28 17:51:02 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2014/02/25 13:09:02 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2013/08/08 17:10:58 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/04/12 15:34:48 | 000,014,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klpd.sys -- (klpd)
DRV - [2013/01/14 21:10:56 | 000,189,136 | ---- | M] (Kaspersky Lab UK Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\cm_km_w.sys -- (cm_km_w)
DRV - [2009/09/05 18:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 23:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/11/30 19:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007/10/29 18:46:42 | 000,829,096 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/05/02 08:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 21:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes\{44B67AE4-AAB5-4F8C-BE74-8B97E51F920A}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...ms}&fr=chr-acer
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes\{E6F8E096-4836-47C0-8883-6A99317FB847}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014/09/20 20:38:33 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014/09/20 20:38:40 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014/09/20 20:38:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Allen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Allen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014/09/20 20:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014/09/20 20:38:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014/09/20 20:38:40 | 000,000,000 | ---D | M]
 
[2013/03/20 21:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions
[2013/03/20 21:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/02/04 07:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012/03/22 09:06:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Content Blocker Plugin) - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Virtual Keyboard Plugin) - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [BisonInst0402] C:\Windows\BR040286.exe (Bison Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe File not found
O4 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003..\Run: [Facebook Update] C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode File not found
O4 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Virtual Keyboard - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C7CE13-FD2A-4C69-A839-A7F82396DA33}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFF6B887-1F9F-42C1-9C3E-0E7E44A7B879}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{93dac35c-84f4-11dd-abc0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{93dac35c-84f4-11dd-abc0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/23 12:44:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2014/09/22 11:44:07 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{66A48ED0-3C54-410E-9D4F-C186BFD05173}
[2014/09/22 11:41:27 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2014/09/21 16:07:16 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{C57EAA10-BC62-49B7-BACD-5F6146EFC4D4}
[2014/09/20 20:54:35 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{AABD2B64-F3F0-41D2-B781-45B36B47F851}
[2014/09/20 20:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2014/09/20 20:35:14 | 000,673,800 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2014/09/20 20:35:14 | 000,119,816 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2014/09/20 20:35:14 | 000,036,536 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klhk.sys
[2014/09/20 19:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2014/09/18 22:52:01 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{C6ED8AF9-26F0-45AF-81BF-BA1B08673CD0}
[2014/09/18 00:48:59 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{8047777C-0BF4-40BE-9E52-82B4684798FC}
[2014/09/18 00:08:45 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\MyTurboPC.com
[2014/09/18 00:08:45 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\DriverCure
[2014/09/18 00:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2014/09/17 21:33:52 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{8B8F0E82-55B0-4A30-A752-3D066E19EA1E}
[2014/09/16 20:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/09/16 20:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/09/16 19:58:42 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{C183F274-BF3E-44F7-A270-02ACAB6BFF6F}
[2014/09/13 08:36:48 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{C1855C2C-7537-45B1-A2FE-B30316852BF0}
[2014/09/11 12:21:03 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{84FA9168-1E29-4A75-88C0-A60FE59BD46E}
[2014/09/11 11:48:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/09/11 11:48:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/09/11 11:48:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/09/11 11:48:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/09/11 11:48:41 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/09/11 11:48:40 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/09/11 11:48:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/09/11 11:48:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/09/11 11:48:38 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/09/11 11:48:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/09/11 11:48:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/09/11 11:48:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/09/05 02:52:13 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{40EA7764-4DBB-4A2E-A6E1-43BB40996E35}
[2014/08/28 22:01:03 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{6A3182DE-43A8-4F6A-9F11-A590B9212899}
[2014/08/28 21:43:59 | 002,054,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/23 12:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/23 12:44:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2014/09/23 12:42:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
[2014/09/23 12:41:30 | 000,000,512 | ---- | M] () -- C:\Users\Allen\Desktop\MBR.dat
[2014/09/23 12:38:05 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 12:38:05 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 10:44:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
[2014/09/23 08:52:23 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
[2014/09/23 08:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/22 18:33:08 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
[2014/09/22 12:16:13 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/21 15:53:24 | 406,334,087 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/21 15:13:14 | 005,478,716 | ---- | M] () -- C:\Users\Allen\Desktop\Landslide (guitar track from rough version).mp3
[2014/09/21 15:12:46 | 005,478,716 | ---- | M] () -- C:\Users\Allen\Desktop\Landslide (Allen Rob rough version final edit).mp3
[2014/09/21 12:51:23 | 000,098,567 | ---- | M] () -- C:\Users\Allen\Desktop\mel2.jpg
[2014/09/20 20:42:18 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014/09/20 13:06:19 | 000,071,920 | ---- | M] () -- C:\Users\Allen\Desktop\melanie.jpg
[2014/09/16 10:04:33 | 000,005,922 | -HS- | M] () -- C:\Users\Allen\Desktop\Folder.jpg
[2014/09/16 10:04:33 | 000,001,943 | -HS- | M] () -- C:\Users\Allen\Desktop\AlbumArtSmall.jpg
[2014/09/15 18:10:42 | 005,606,104 | ---- | M] () -- C:\Users\Allen\Desktop\Landslide - Bush X.mp3
[2014/09/15 09:06:04 | 000,231,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/09/11 12:09:31 | 000,718,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/11 12:09:31 | 000,152,494 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/09 22:08:09 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/09/09 22:08:09 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/09/03 19:42:15 | 000,046,238 | ---- | M] () -- C:\Users\Allen\Desktop\seema3.jpg
[2014/09/03 19:41:40 | 000,073,078 | ---- | M] () -- C:\Users\Allen\Desktop\seema2.jpg
[2014/09/03 19:41:06 | 000,071,060 | ---- | M] () -- C:\Users\Allen\Desktop\seema1.jpg
[2014/08/28 21:54:09 | 000,391,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/27 00:09:18 | 000,376,350 | ---- | M] () -- C:\Users\Allen\Desktop\10317682_10154205844215641_7300979278718627901_o.jpg
 
========== Files Created - No Company Name ==========
 
[2014/09/23 12:41:30 | 000,000,512 | ---- | C] () -- C:\Users\Allen\Desktop\MBR.dat
[2014/09/21 15:53:24 | 406,334,087 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/09/21 15:13:14 | 005,478,716 | ---- | C] () -- C:\Users\Allen\Desktop\Landslide (guitar track from rough version).mp3
[2014/09/21 15:12:46 | 005,478,716 | ---- | C] () -- C:\Users\Allen\Desktop\Landslide (Allen Rob rough version final edit).mp3
[2014/09/21 12:51:23 | 000,098,567 | ---- | C] () -- C:\Users\Allen\Desktop\mel2.jpg
[2014/09/20 20:47:27 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014/09/20 13:06:18 | 000,071,920 | ---- | C] () -- C:\Users\Allen\Desktop\melanie.jpg
[2014/09/16 10:04:33 | 000,005,922 | -HS- | C] () -- C:\Users\Allen\Desktop\Folder.jpg
[2014/09/16 10:04:33 | 000,001,943 | -HS- | C] () -- C:\Users\Allen\Desktop\AlbumArtSmall.jpg
[2014/09/15 18:10:42 | 005,606,104 | ---- | C] () -- C:\Users\Allen\Desktop\Landslide - Bush X.mp3
[2014/09/03 19:42:14 | 000,046,238 | ---- | C] () -- C:\Users\Allen\Desktop\seema3.jpg
[2014/09/03 19:41:39 | 000,073,078 | ---- | C] () -- C:\Users\Allen\Desktop\seema2.jpg
[2014/09/03 19:41:06 | 000,071,060 | ---- | C] () -- C:\Users\Allen\Desktop\seema1.jpg
[2014/08/27 00:09:17 | 000,376,350 | ---- | C] () -- C:\Users\Allen\Desktop\10317682_10154205844215641_7300979278718627901_o.jpg
[2014/04/10 19:11:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/26 22:24:08 | 001,136,459 | ---- | C] () -- C:\Users\Allen\12.wma
[2012/02/19 20:43:14 | 000,000,680 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps.dat
[2011/04/10 15:23:30 | 000,000,052 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\G1000Trainer_preferences.xml
[2011/04/10 15:23:29 | 000,006,733 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\G1000Trainer_student_record.xml
[2010/07/21 02:59:37 | 000,058,368 | ---- | C] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/11 23:23:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/20 20:06:04 | 000,000,314 | ---- | C] () -- C:\Users\Allen\Public - Shortcut.lnk
[2008/11/13 02:28:23 | 000,024,206 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\UserTile.png
[2008/10/08 04:32:48 | 000,000,301 | ---- | C] () -- C:\Users\Allen\Collision avoidance notes.rtf
 
========== ZeroAccess Check ==========
 
[2006/11/02 09:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 10:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/11 03:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/11 03:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008/09/17 21:04:49 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Acer
[2013/03/21 18:05:05 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\BHOK IT Consulting
[2014/09/18 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\DriverCure
[2008/11/02 03:02:48 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\EPSON
[2008/09/17 21:04:47 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Leadertech
[2014/09/18 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\MyTurboPC.com
[2008/10/15 03:25:34 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\OpenOffice.org
[2013/03/20 21:33:18 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\TomTom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2006/11/02 06:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2014/06/02 07:30:29 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 23:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 03:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 03:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 11:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 03:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 23:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 01:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 03:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 03:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 12:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 23:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 03:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 23:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 03:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 03:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 23:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 23:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 23:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 23:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 23:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 03:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 11:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 11:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 03:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 23:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 03:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 03:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 23:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 11:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 03:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 13:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 08:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 03:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 15:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 03:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 08:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 03:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 03:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 03:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 03:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 23:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/20 23:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 03:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 03:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 03:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 03:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 03:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 19:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 03:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 16:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 08:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
[2008/05/08 02:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/11 20:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 03:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 03:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 00:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 23:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 23:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2009/03/03 01:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=301AE00E12408650BADDC04DBC832830 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2008/01/20 23:24:06 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2009/04/11 03:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\ERDNT\cache\rpcss.dll
[2009/04/11 03:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\System32\rpcss.dll
 
< dir C:\ /S /A:L /C >
 Volume in drive C is ACER
 Volume Serial Number is 240E-99D1
 Directory of C:\
02/11/2006  10:02 AM    <JUNCTION>     Documents and Settings [..]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
02/11/2006  10:02 AM    <JUNCTION>     Application Data [..]
02/11/2006  10:02 AM    <JUNCTION>     Desktop [..]
02/11/2006  10:02 AM    <JUNCTION>     Documents [..]
02/11/2006  10:02 AM    <JUNCTION>     Favorites [..]
02/11/2006  10:02 AM    <JUNCTION>     Start Menu [..]
02/11/2006  10:02 AM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users
02/11/2006  10:02 AM    <SYMLINKD>     All Users [C:\ProgramData]
02/11/2006  10:02 AM    <JUNCTION>     Default User [..]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
02/11/2006  10:02 AM    <JUNCTION>     Application Data [..]
02/11/2006  10:02 AM    <JUNCTION>     Desktop [..]
02/11/2006  10:02 AM    <JUNCTION>     Documents [..]
02/11/2006  10:02 AM    <JUNCTION>     Favorites [..]
02/11/2006  10:02 AM    <JUNCTION>     Start Menu [..]
02/11/2006  10:02 AM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Allen
17/09/2008  09:03 PM    <JUNCTION>     Application Data [C:\Users\Allen\AppData\Roaming]
17/09/2008  09:03 PM    <JUNCTION>     Cookies [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Cookies]
17/09/2008  09:03 PM    <JUNCTION>     Local Settings [C:\Users\Allen\AppData\Local]
17/09/2008  09:03 PM    <JUNCTION>     My Documents [C:\Users\Allen\Documents]
17/09/2008  09:03 PM    <JUNCTION>     NetHood [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
17/09/2008  09:03 PM    <JUNCTION>     PrintHood [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
17/09/2008  09:03 PM    <JUNCTION>     Recent [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Recent]
17/09/2008  09:03 PM    <JUNCTION>     SendTo [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\SendTo]
17/09/2008  09:03 PM    <JUNCTION>     Start Menu [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu]
17/09/2008  09:03 PM    <JUNCTION>     Templates [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Allen\AppData\Local
17/09/2008  09:03 PM    <JUNCTION>     Application Data [C:\Users\Allen\AppData\Local]
17/09/2008  09:03 PM    <JUNCTION>     History [C:\Users\Allen\AppData\Local\Microsoft\Windows\History]
17/09/2008  09:03 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Allen\AppData\LocalLow
05/06/2012  11:04 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\Allen\Documents
17/09/2008  09:03 PM    <JUNCTION>     My Music [C:\Users\Allen\Music]
17/09/2008  09:03 PM    <JUNCTION>     My Pictures [C:\Users\Allen\Pictures]
17/09/2008  09:03 PM    <JUNCTION>     My Videos [C:\Users\Allen\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
02/11/2006  10:02 AM    <JUNCTION>     Application Data [..]
02/11/2006  10:02 AM    <JUNCTION>     Local Settings [..]
02/11/2006  10:02 AM    <JUNCTION>     My Documents [..]
02/11/2006  10:02 AM    <JUNCTION>     NetHood [..]
02/11/2006  10:02 AM    <JUNCTION>     PrintHood [..]
02/11/2006  10:02 AM    <JUNCTION>     Recent [..]
02/11/2006  10:02 AM    <JUNCTION>     SendTo [..]
02/11/2006  10:02 AM    <JUNCTION>     Start Menu [..]
02/11/2006  10:02 AM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
02/11/2006  10:02 AM    <JUNCTION>     Application Data [..]
02/11/2006  10:02 AM    <JUNCTION>     History [..]
02/11/2006  10:02 AM    <JUNCTION>     Temporary Internet Files [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
02/11/2006  10:02 AM    <JUNCTION>     My Music [..]
02/11/2006  10:02 AM    <JUNCTION>     My Pictures [..]
02/11/2006  10:02 AM    <JUNCTION>     My Videos [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
02/11/2006  10:02 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
02/11/2006  10:02 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
02/11/2006  10:02 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
16/01/2009  06:59 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
25/04/2011  01:07 AM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
16/01/2009  06:59 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
16/01/2009  06:59 AM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
16/01/2009  06:59 AM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/01/2009  06:59 AM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/01/2009  06:59 AM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
16/01/2009  06:59 AM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
16/01/2009  06:59 AM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
16/01/2009  06:59 AM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
16/01/2009  06:59 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
16/01/2009  06:59 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
16/01/2009  06:59 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
16/01/2009  06:59 AM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
16/01/2009  06:59 AM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
16/01/2009  06:59 AM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              66 Dir(s)  165,381,890,048 bytes free
 
========== Files - Unicode (All) ==========
[2014/05/14 20:05:47 | 000,133,640 | ---- | M] ()(C:\Windows\System32\?) -- C:\Windows\System32\੥
[2014/05/14 20:05:47 | 000,133,640 | ---- | C] ()(C:\Windows\System32\?) -- C:\Windows\System32\੥
[2014/04/09 13:56:14 | 007,307,264 | ---- | M] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2014/04/06 18:06:26 | 007,307,264 | ---- | C] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤

< End of report >

 

OTL.extra :

 

OTL Extras logfile created on: 23/09/2014 1:01:12 PM - Run 10
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Allen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 48.59% Memory free
6.91 Gb Paging File | 4.73 Gb Available in Paging File | 68.43% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 154.10 Gb Free Space | 66.17% Space Free | Partition Type: NTFS
 
Computer Name: ALLEN-PC | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F03BE9-702D-47E7-8389-38DFD20C154E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E27E1CE-38EB-4CFE-85A0-630709EECF46}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1CD9FD8C-D3CF-4944-9398-FA6853649A8A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{396CE697-5AD3-422F-8E81-719CE1A61410}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46CB0586-B703-4462-B535-ED32313470A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C76D121-C306-41BD-A695-84DCCFF0828A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{55EC959B-16C6-4FC7-936C-7AE311B6DD58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CAF2A1E-AAB4-449E-8F3B-D964C1250063}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76CF4495-535F-4E95-8C6B-879A88323B8E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7EAD6615-E48A-4932-A565-9D5BA1CD660D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8F04E194-ED65-4FA1-9EDC-E55A40D944F4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD673127-28AE-4D20-A67C-D13822D08483}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D8CBD705-F234-4D00-B5D0-71E4557D7766}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{390E7292-8F7E-443E-8784-B7F50965A7B1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{3947B629-6FBA-4962-8A79-545551BA0E0E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{47620D60-F3FA-4BF0-A495-1D203C176DA8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{48617D48-7F68-434D-8342-547FE235771E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{58DCA8E1-C0CF-45B1-9030-C7D2468851DF}" = dir=in | app=c:\users\allen\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{642AC82C-7074-4757-9E5B-0381983DA5D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6BDC7595-0823-450D-B246-90610F59F8B5}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{74D7467A-EEFF-44B9-A907-702E9A129F00}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7D48202A-539A-4356-A2FE-88E5F9372552}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A43D41CC-946D-4BF5-9DEE-9B49A12FF698}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A619DE9B-E9A6-4B30-BFF3-E5BC3B852692}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A8123CDB-6339-4EDC-B3BE-4B0AB039EA18}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{C9E71106-7B3B-4CFD-8DA6-D011E8B77B56}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C9EF5EDA-50C2-4BE3-97E4-588F170D901D}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{E01BE071-B00A-491D-BB6A-556CA52ABD35}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{EF7CD1E1-272B-4F16-BBBD-B26D7FE38820}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2DDA02E-CD32-4E79-9071-6112EE455060}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FB6B0841-AEE2-4FC5-AF28-34DA925E84AC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{5C24DAE7-542C-4D56-B1A4-78BB24E21C26}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{ABA9C176-A253-44C7-8ED1-33F62868C50B}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{C17E2344-6137-465B-AAD7-44082193412C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F10592A5-F603-4E2C-820C-146E3AF4244A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1D334044-58D8-40A6-8171-FA7A85505F92}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{725C063C-259C-4DC9-B60C-A56B6230D1FF}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{AA4C98B2-CBED-4F05-BD2A-9B1555A857B1}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{BE179C4E-9D59-4E72-AC3B-3B90A91F09D7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}" = Kaspersky Internet Security
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.12)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}" = Kaspersky Internet Security
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.2
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22/09/2014 10:45:56 AM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 22/09/2014 10:45:56 AM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 22/09/2014 10:45:56 AM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 22/09/2014 10:45:56 AM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 22/09/2014 10:45:57 AM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 22/09/2014 10:45:57 AM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 22/09/2014 10:45:57 AM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 22/09/2014 10:45:57 AM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 22/09/2014 5:23:20 PM | Computer Name = Allen-PC | Source = Google Update | ID = 20
Description =
 
Error - 23/09/2014 7:38:25 AM | Computer Name = Allen-PC | Source = Google Update | ID = 20
Description =
 
[ Media Center Events ]
Error - 28/10/2008 3:37:29 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 06/11/2008 12:54:27 AM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 12/01/2009 2:48:58 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 13/02/2009 4:20:53 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 01/04/2009 12:40:50 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 29/04/2009 10:19:53 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 07/05/2009 1:28:56 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
[ System Events ]
Error - 20/09/2014 7:51:37 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20/09/2014 7:54:33 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 21/09/2014 12:05:42 AM | Computer Name = Allen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 21/09/2014 11:26:35 AM | Computer Name = Allen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 21/09/2014 11:26:37 AM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21/09/2014 2:53:48 PM | Computer Name = Allen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 21/09/2014 2:53:49 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 22/09/2014 10:40:46 AM | Computer Name = Allen-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:26:50 AM on 22/09/2014 was unexpected.
 
Error - 22/09/2014 10:40:54 AM | Computer Name = Allen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 22/09/2014 10:40:56 AM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
 



#4
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Do you recognize these files?
 
[2014/05/14 20:05:47 | 000,133,640 | ---- | M] ()(C:\Windows\System32\?) -- C:\Windows\System32\੥
[2014/05/14 20:05:47 | 000,133,640 | ---- | C] ()(C:\Windows\System32\?) -- C:\Windows\System32\੥
[2014/04/09 13:56:14 | 007,307,264 | ---- | M] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2014/04/06 18:06:26 | 007,307,264 | ---- | C] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
 
 
 
If not please follow these directions and post the links for me for each file:
To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • In the File name box, type, or copy and paste the following and click Open: NOTE.. Only one file per scan

    C:\Windows\System32\੥
    C:\Windows\System32\੥
    C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
    C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button and wait for the reply.
  • Copy and paste the Virustotal link(s) (URL) in your next reply
Also please post the log(s) with the 15 malware and 1 threat that were detected.


Finally please let me know what symptoms you are having.

#5
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Honestly CompCav, I don't recognise these files at all. Here are the URLs, as you asked me to do.

 

 

https://www.virustot...34b11/analysis/

 

https://www.virustot...34b11/analysis/

 

https://www.virustot...sis/1411504345/

 

https://www.virustot...feee0/analysis/

 

 

The log for the 1 threat and 15 malwares, I lost it, so sorry CompCav.

 

The symptoms: honestly, ever since I renewed and installed Kaspersky, I don't see any symptoms except for the computer hanging for 1 minute or so on certain login pages like Facebook etc. That's why I was worried. Maybe there is nothing wrong, I don't know. So that's the summary.



#6
CompCav

    Member 5k

  • Expert
  • 12,454 posts

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Then click the Clean button. It will ask to reboot. Please let it.
  • Upon reboot the cleaning report should appear.  Please copy and paste it into your next reply.
  • This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt if you do not see it after the reboot.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

 

Security Check

Download Security Check from here or here.

  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select Run as Administrator, and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Please post:

  • JRT.txt
  • AdwCleaner[R0].txt
  • checkup.txt

 

Also please give me an update on how the computer is performing.

 

 

Regards,

 

CompCav



#7
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Allen on 23/09/2014 at 21:05:08.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\crossriderplugin

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3196716
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3196716
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{44B67AE4-AAB5-4F8C-BE74-8B97E51F920A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\codeccheck"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\Allen\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Allen\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Allen\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{BCBECBAC-CF60-4F13-9B8F-48C8063A4517}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{BE22EAAD-5513-4AEF-9CEC-4143013F83D0}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{BE79F11B-4998-4761-B71B-D6F02E5247D3}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{BFBD77E9-7B04-414E-BF0E-17B631C729B4}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{C183F274-BF3E-44F7-A270-02ACAB6BFF6F}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{C1855C2C-7537-45B1-A2FE-B30316852BF0}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{C1D7A5FD-6A13-48BD-BDE5-1CCC81974867}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{C24C0CBD-96E5-4C1D-AA88-6E5EF439AFC7}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{C34D9DCB-2DDE-48CC-B520-D43E41513287}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{C57EAA10-BC62-49B7-BACD-5F6146EFC4D4}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{C6ED8AF9-26F0-45AF-81BF-BA1B08673CD0}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{C7EA4868-D61B-44A4-B986-ABADEC02F571}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{CCDF6FD6-2340-48DD-922E-E80A9DB65216}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{CCEF1924-055C-44B3-9387-527BD08D16BA}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{CD38BD0B-0C5A-4C79-9CD3-73FC6C03F9D7}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{CFFB34BB-2536-4D48-B67C-CDE020731114}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D1164D7B-8271-45C7-9C63-FC9CE6D48167}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D15F3818-2942-4157-B02C-0B60C9587B8C}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D16A6E24-D3D9-4B39-B81E-2D905DC72D51}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D17324C7-1207-458E-B22A-3915F1B9CBBA}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D2C8F4E0-1B76-4FAB-80B1-C18A73685BC1}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D3294677-25DE-4C6B-8340-73831061E7CF}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D3568775-74EC-4881-B13A-3E799D4CD6C1}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D66AC167-EC8F-44AA-B4AB-5E2F9534157F}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D70FDC6F-73CD-4D5C-9A01-8E4AF06A388E}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D816F37F-74F7-4B1D-A6AC-4980B71509AF}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D91ECDF1-D33C-4301-9D3A-E8CD1DE26D34}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D983DCCC-F67A-4E01-B92C-DD7CC0D21560}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{D99CA56A-DDF5-46DD-BB0F-617F1B356A44}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{DCDCC1E2-1CD9-4F7D-BCE7-2B19BE14C5A8}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{DCE13918-5AE1-4DCC-A7A1-044AA8F5B837}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{DF355FEF-4A95-4B3C-9262-6CC1FB8D4EA7}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{DF370577-C312-4299-95AB-71D752748E30}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{DFC3BB9A-59C2-4DC0-AB81-FDDE188B3930}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E0FB9C60-068A-49F0-B4F7-8171A90CA9B0}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E1578C90-F076-47F2-9872-2C58429485E9}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E2937CC2-191B-426E-A3B4-938C1D7549CB}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E396E462-145C-4B4B-BEE6-9BFF0E5B5781}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E3EDEC7B-5A01-4C2D-B20C-B62FE5FDA02A}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E4F21067-9963-4B96-8A14-9800E4E2388E}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E5E20602-31FD-4AD6-AD53-2DDEB042A574}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E6933759-524C-4E31-B64B-096B3957002A}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E75A68BE-EB29-4C3A-8C71-242B796FAFAA}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E7D7D345-5ECF-4BB1-B1E1-7CEFFC1B2901}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E7DA6170-BD05-439B-B792-0F7755D34D4B}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{E9329850-B303-4DB3-B25D-4CFD2B63CA32}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{EAA4E09D-BA04-4A55-BB8E-678CF7539447}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{EB7C8073-47D5-425D-B5A0-AFAFCED157CE}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{EBA838B2-78EF-4A73-BD18-D07D2B793523}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{EBDC93D7-5B49-42EC-94B8-1F6CBD4CA6DA}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{EE23A3F5-836F-4E5E-A0F3-0C36DC24FC75}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{EF456B90-4A7C-4109-9841-E211D46A33B2}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{EF87C70C-4F78-4576-BDF3-A2A985C9C872}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F032E65D-FF58-4275-BA0D-F760838A2DC8}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F0A0F4F9-6F3C-4EC5-984E-C72C3FD0822D}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F16448A9-8505-43E8-8152-D18A630EE67A}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F17AF8E0-0494-4A97-B9A6-B95D9D4CFDFB}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F1BE5DAE-BBB9-4FE3-AFCD-C8198A1DD47C}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F1E69C84-46F5-49CE-A7B5-392C7C243D71}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F35443B1-259B-4992-A818-798FD8334373}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F3C6B65C-F23E-4D7B-92C8-28166F32FDEA}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F461E03E-A618-47DA-88AC-86B8B4738097}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F508FE38-133F-4FFD-81F3-ACC92B587A0F}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F571710A-90E4-4D32-BE69-ECBD556A0E41}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F5890AC5-4C88-4FC1-B5E2-BC93C8BEA106}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F8ADC0B4-3FBD-49E0-A641-E12C12BE4249}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F8DB3B19-C3BF-4CAB-AF64-11C606D9E558}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F923128B-E1A1-4361-AFFD-50CB17DBCB8E}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F948C563-7C54-407B-B007-758BCA3511BE}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{F9677E9C-D4EC-4EB1-B95B-137673BDB121}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{FA64B5CD-A60E-4EB0-A71B-6A146BC8AF94}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{FB71A757-D784-4BEC-A453-B682BA1F5C6F}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{FB81F11F-1925-4BD6-8BBB-AE96FB441C5D}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{FC308DBA-0699-4C89-935C-78CADE59E066}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{FD9BF939-0DD1-4DA5-9F14-E62AC85C8044}
Successfully deleted: [Empty Folder] C:\Users\Allen\appdata\local\{FED47F02-728A-4086-BF7F-ECF5B1D1AD7A}
Successfully deleted: [Folder] "C:\ProgramData\ask"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/09/2014 at 21:07:44.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Stand by for the next step.


  • 0

#8
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

2nd step :

 

# AdwCleaner v3.310 - Report created 23/09/2014 at 21:56:31
# Updated 12/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Allen - ALLEN-PC
# Running from : C:\Users\Allen\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16575

-\\ Google Chrome v

[ File : C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2923 octets] - [23/09/2014 21:54:02]
AdwCleaner[S0].txt - [2843 octets] - [23/09/2014 21:56:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2903 octets] ##########


  • 0

#9
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Third step :

 

 Results of screen317's Security Check version 0.99.87 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Kaspersky Internet Security  
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1   
 Java 7 Update 67 
 Java™ 6 Update 31 
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 10.1.12 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSASCui.exe
 Empowering Technology eSettings Service capuserv.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
 Windows Defender MSASCui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 


  • 0
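Added example, not part of the thread and not code from Security Check or its author: a small Python parser for the log format posted above that pulls out the lines a helper acts on. The function names are hypothetical, the sample is constructed from the post, and treating every Java runtime below the newest one as "superseded" is this example's own rule.

```python
import re

TICK = chr(96)  # the backtick character Security Check uses to rule off section headers


def _header(title):
    """Build a section header line the way the log prints it."""
    return TICK * 10 + title + TICK * 10


# Constructed sample: lines taken from the Security Check log in the post above.
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.87 ",
    " Windows Vista Service Pack 2 x86 (UAC is enabled) ",
    _header("Antivirus/Firewall Check:"),
    " Windows Firewall Enabled! ",
    "Kaspersky Internet Security  ",
    " Antivirus up to date!  (On Access scanning disabled!)",
    _header("Anti-malware/Other Utilities Check:"),
    " JavaFX 2.1.1   ",
    " Java 7 Update 67 ",
    " Java\u2122 6 Update 31 ",
    " Adobe Flash Player 10 Flash Player out of Date!",
    " Adobe Reader 10.1.12 Adobe Reader out of Date! ",
    _header("Process Check: objlist.exe by Laurent") + " ",
    " Windows Defender MSASCui.exe",
    _header("End of Log"),
])

HEADER_RE = re.compile("^" + TICK + r"{3,}\s*(.+?)\s*" + TICK + r"{3,}$")
# Product name plus version, followed by the tool's "out of Date!" marker.
OUTDATED_RE = re.compile(r"^(.+?\s\d[\d.]*)\s+.*out of date!", re.IGNORECASE)
# "Java 7 Update 67" / "Java(tm) 6 Update 31", but not "JavaFX 2.1.1".
JAVA_RE = re.compile(r"^Java\W*(\d+)\s+Update\s+(\d+)")


def parse_sections(log):
    """Split the log into {section title: [stripped lines]}."""
    sections = {"Preamble": []}
    current = "Preamble"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(log):
    """Return (kind, detail) findings that call for an update or a fix."""
    sections = parse_sections(log)
    findings = []
    for line in sections.get("Antivirus/Firewall Check", []):
        if "scanning disabled" in line.lower():
            findings.append(("realtime_protection_off", line))
    javas = []
    for line in sections.get("Anti-malware/Other Utilities Check", []):
        m = OUTDATED_RE.match(line)
        if m:
            findings.append(("out_of_date", m.group(1)))
        j = JAVA_RE.match(line)
        if j:
            javas.append((int(j.group(1)), int(j.group(2))))
    # Assumption of this example: only the newest Java runtime should remain.
    for major, update in sorted(javas)[:-1]:
        findings.append(("superseded_java", "Java %d Update %d" % (major, update)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, "->", detail)
```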

#10
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

CompCav, hi, I think it's working fine now. A little faster and no hang-ups so far. What do you think? Rgds, Allen


  • 0



#11
CompCav

    Member 5k

  • Expert
  • 12,454 posts

I think things are good except for some updates.

Update Adobe Flash Player

We need to uninstall the existing Flash Player(s). Please go here
Follow steps 1. to 4.
Once Flash Player is uninstalled, go on to the next paragraph.

You will need to download and install both the IE and non-IE versions of Adobe Flash Player. Make sure to uncheck the install of the McAfee tool before downloading. You will need to select your operating system (Windows Vista 32-bit) and then each version to download and install separately.




Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

Uninstall all previous versions.
Download the latest version from: http://www.adobe.com.../readstep2.html

  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • Uncheck the Ask Toolbar, McAfee Scanner, or Chrome installs as well, you do not need these from Adobe.

 

 

 

Update Java

 

Your version of Java is out of date. Older versions of programs have vulnerabilities that malicious sites can use to exploit and infect your system.

You may want to read these before you update, as most users do not use Java and have no need for it to be on their computer:
You don't need Java
W3Techs usage statistics and market share data of Java on the web
 
If you want to use Java, then please follow these steps to remove older version Java components and update:

  • Download the latest version of Java and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Java in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the Java installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run as Administrator.
  • When the Java Setup - Welcome window opens, click the Install button.
  • When offered any unwanted software or toolbars during installation (such as the Ask Toolbar); just uncheck the box before continuing.

 

 

 

Download Delfix and run it by right-clicking and selecting Run as Administrator.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.

Malwarebytes.

You can download it here.  Please uncheck the enable free trial at the end of the install.
Update and run it weekly to keep your system clean.


To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.

 

 

Regards,

 

CompCav


  • 0

#12
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Hi Compcav,

 

I have done all the above as requested except for updating Java; you mentioned that it was not necessary for me. After reading the links, I realised that I don't use my computer a lot except for sending emails and social networking. So I guess I won't update Java for now. I have downloaded Malwarebytes but it didn't show me anywhere to uncheck the enable free trial. However, after installing the software it shows it's free. Shall I remove all the software you asked me to download on my computer, such as OTL and AdwCleaner, except for Malwarebytes?

 

CompCav, it has been such a pleasure to meet you again and to work with you over the years. I have known you for at least 2 years and in those years you have proved to be an ever helpful, amazing friend. You know the exact problems and how to fix them. Thank you for guiding me once again, you have proved yourself. Please please keep in touch. I wouldn't want anyone else but you in my future issues. You have fixed my laptop twice already in the past and now this cleaning part was amazing. I will do everything I can to keep my computer up to date but I will be keeping in touch with you from time to time to just say hello. Please don't go anywhere. I don't know what I would have done without you. Thank you once again. Have a great day, CompCav.


  • 0

#13
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thank you for the kind words.

If you do not update Java, you must uninstall it completely. Do not worry because if you need it for a site it will let you know and you can download and install the latest version right when you need it.

OTL and AdwCleaner should be gone if you run Delfix with all the boxes checked. If not, open AdwCleaner and click on Uninstall. For OTL, simply right-click on it and select Delete.

Regards,

CompCav
  • 0

#14
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Sorry CompCav, I think I missed one step, which was downloading Delfix. Now I am trying to download it to remove the software you mentioned, but it won't let me download Delfix. It says Internet Explorer cannot display the page. Is there another way to delete the files downloaded? And how can I remove Java completely? Please advise.


  • 0

#15
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Oh, I forgot, there is also the security clearance check file and the uninstall flash player file downloaded, but I have managed to remove AdwCleaner and OTL now.


  • 0





