Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Avira OE. servicehost.exe [Closed]


  • This topic is locked This topic is locked

#1
waynf

waynf

    Member 1K

  • Member
  • PipPipPipPip
  • 1,136 posts

A couple of hours ago while on www.facebook.com, I received notification in taskbar that AVira had upgraded.  I paid little attention to it at the time, until when I tried to call up another website and I seen these large icons plastered all over my screen, icons that pertained, to Gmail, Facebook, etc.  with a search bar on the top. At the toop of my screen it would show "new tab".  To go on working i woould have to x it out, which woud talke me back to my search engine, in this case www.google.ca.  Down on the left hand side of the screen near the strt button woul be these words: "Astromenda"  What on earth is this all about.  I have received no Avira.OE. Servicehost error messages yet.

 

OTL logfile created on: 10/14/2014 12:43:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Wayne\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.42 Mb Total Physical Memory | 236.53 Mb Available Physical Memory | 24.68% Memory free
3.67 Gb Paging File | 2.77 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): C:\pagefile.sys 2880 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 41.56 Gb Free Space | 55.77% Space Free | Partition Type: NTFS
Drive E: | 14.91 Gb Total Space | 0.49 Gb Free Space | 3.30% Space Free | Partition Type: FAT32
 
Computer Name: WAYNE-6A7649B9E | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/14 00:42:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\My Documents\Downloads\OTL.exe
PRC - [2014/10/01 08:50:21 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/10/01 08:49:04 | 000,428,792 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014/10/01 08:48:51 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/10/01 08:48:50 | 000,703,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/09/26 11:04:06 | 004,811,032 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/09/25 09:05:58 | 001,110,888 | ---- | M] (S p i g o t, I n c.) -- C:\Documents and Settings\Wayne\Application Data\Search Protection\SearchProtection.exe
PRC - [2014/09/24 21:31:19 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/09/23 14:47:54 | 000,165,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/09/23 14:47:50 | 000,160,560 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/08/21 19:43:50 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/11/09 17:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/03 07:24:58 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\360603d8efa82557e7fce70287cb242e\WindowsFormsIntegration.ni.dll
MOD - [2014/10/03 07:24:30 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014/10/03 07:24:16 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dd733c6f1f9f50f3517d48da5bea80d2\System.ServiceModel.ni.dll
MOD - [2014/10/02 20:58:47 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll
MOD - [2014/10/02 20:58:36 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fe7c09c37b8b39bd894d6a225f9ca01b\System.IdentityModel.ni.dll
MOD - [2014/10/02 18:59:55 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.ni.dll
MOD - [2014/10/02 18:59:55 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.Wrapper.dll
MOD - [2014/10/02 18:59:54 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll
MOD - [2014/10/02 18:59:53 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\469dd20488c4a9606abe21189a3c1ab9\System.Runtime.DurableInstancing.ni.dll
MOD - [2014/10/02 18:59:51 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\27bdc6196968e44234654e30e1028750\SMDiagnostics.ni.dll
MOD - [2014/10/02 18:59:50 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll
MOD - [2014/10/02 18:59:46 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\05be173cbacba4b7604a67a267acdfe4\System.Xml.Linq.ni.dll
MOD - [2014/10/02 18:59:45 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll
MOD - [2014/10/01 23:48:07 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bd52c6f899032f62270379681f559c41\PresentationFramework.Classic.ni.dll
MOD - [2014/10/01 23:48:02 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9aafa1869d136f77bc483f25d0795229\PresentationFramework.ni.dll
MOD - [2014/10/01 23:47:37 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\b307821c69c09ed0a2ee47122fdcdd4d\PresentationCore.ni.dll
MOD - [2014/10/01 23:47:19 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\49605239a73cd565e3a08048a31b442e\WindowsBase.ni.dll
MOD - [2014/10/01 23:42:11 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll
MOD - [2014/10/01 23:41:54 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\b5f67ff59d386021c43b1ee400c00feb\System.Data.ni.dll
MOD - [2014/10/01 23:41:44 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
MOD - [2014/10/01 23:41:39 | 002,553,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\70995df0f70bcaffe432672c91f3f2d3\System.Data.Linq.ni.dll
MOD - [2014/10/01 23:40:42 | 000,690,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\5e3ae38fa95746e42867479658c0a791\System.ComponentModel.Composition.ni.dll
MOD - [2014/10/01 23:40:39 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\8fa7f2d6cc4122c7102a02586074a183\System.Numerics.ni.dll
MOD - [2014/10/01 23:40:34 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014/10/01 23:40:26 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014/10/01 23:40:20 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll
MOD - [2014/10/01 23:40:04 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014/10/01 23:39:53 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2014/09/24 21:31:15 | 003,715,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/09/14 07:18:19 | 016,825,520 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
MOD - [2014/07/31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/10/01 08:50:21 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/10/01 08:48:51 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/09/24 21:31:16 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/23 18:20:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/23 14:47:50 | 000,160,560 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/08/21 19:43:50 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/09 17:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/10/01 08:48:51 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2014/10/01 08:48:50 | 000,098,160 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2014/08/21 18:37:54 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci)
DRV - [2014/08/15 10:30:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2014/08/15 10:30:05 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2008/08/01 10:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 10:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001/08/17 10:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ca.search.ya...r=spigot-yhp-ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {E5B4158F-E345-4115-BE5A-4CE6C25171E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{18FB97BB-B194-4ADD-A0C8-2F72BF8A03F8}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266}: "URL" = http://astromenda.co...=1640802568&ir=
IE - HKCU\..\SearchScopes\{E5B4158F-E345-4115-BE5A-4CE6C25171E2}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.26
FF - prefs.js..extensions.enabledAddons: %7Bb6a94784-0ffb-4121-88c6-435139067ee2%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B46eddf51-a4f6-4476-8d6c-31c5187b2a2f%7D:3.4
FF - prefs.js..extensions.enabledAddons: %7B32da2f20-827d-40aa-a3b4-2fc4a294352e%7D:2.5
FF - prefs.js..extensions.enabledAddons: %7B84a93d51-b7a9-431e-8ff8-d60e5d7f5df1%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7Bf894a29a-f065-40c3-bb19-da6057778493%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..keyword.URL: "https://search.yahoo...type=242154&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/08/21 20:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions
[2014/10/13 20:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions
[2014/10/13 20:30:12 | 000,000,000 | ---D | M] (Start Page) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e}
[2014/10/13 20:30:12 | 000,000,000 | ---D | M] (Slick Savings) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\{46eddf51-a4f6-4476-8d6c-31c5187b2a2f}
[2014/08/26 07:46:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2014/10/13 20:30:13 | 000,000,000 | ---D | M] (Amazon Shopping Assistant by Spigot) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\{84a93d51-b7a9-431e-8ff8-d60e5d7f5df1}
[2014/10/13 20:30:13 | 000,000,000 | ---D | M] (Ebay Shopping Assistant by Spigot) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\{f894a29a-f065-40c3-bb19-da6057778493}
[2014/09/30 21:45:33 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\[email protected]
[2014/08/23 17:53:02 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\[email protected]
[2014/09/17 06:57:47 | 000,000,000 | ---D | M] (Avira SafeSearch) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\[email protected]
[2014/10/10 18:28:22 | 000,358,659 | ---- | M] () (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf}.xpi
[2014/10/10 18:27:51 | 000,003,966 | ---- | M] () (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi
[2014/10/10 18:27:59 | 000,002,851 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\Astromenda.xml
[2014/10/14 00:24:27 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\avira-safesearch.xml
[2014/10/11 12:46:04 | 000,008,141 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\yahoo_ff.xml
[2014/09/24 21:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/24 21:31:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2004/08/04 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Browser Extensions) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Documents and Settings\Wayne\Application Data\Browser Extensions\Coupons.dll (S.p.i.g.o.t, I.n.c.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [Browser Extensions] C:\Documents and Settings\Wayne\Application Data\Browser Extensions\CouponsHelper.exe (S.p.i.g.o.t, I.n.c.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SearchProtection] C:\Documents and Settings\Wayne\Application Data\Search Protection\SearchProtection.EXE (S p i g o t, I n c.)
O4 - HKCU..\Run: [SystweakASP] C:\Program Files\RCP\systweakasp.exe (Systweak Inc                                                )
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1408657331890 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.209.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFF18506-ECD2-4665-8072-71B0D875AED6}: DhcpNameServer = 192.168.209.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wayne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/08/20 21:54:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/13 12:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\capitalone dispute2221-blessed224
[2014/10/13 10:58:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent
[2014/10/11 09:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Browser Extensions
[2014/10/11 09:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Search Protection
[2014/10/10 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\MY LRICS
[2014/10/10 19:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Talk
[2014/10/10 19:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Local Settings\Application Data\Google
[2014/10/10 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/10/10 18:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\logs
[2014/10/10 18:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\PriceFountain
[2014/10/10 18:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Local Settings\Application Data\PriceFountain
[2014/10/10 18:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Systweak
[2014/10/10 18:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q
[2014/10/10 18:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\RCP
[2014/10/06 22:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/10/06 18:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Geeks Ltd
[2014/10/06 18:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Start Menu\Programs\Geeks Ltd
[2014/10/03 18:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2014/10/03 18:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\GEEKS TO GO ANSWERS
[2014/10/02 05:18:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2014/10/02 05:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/10/02 05:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/10/02 05:15:58 | 000,000,000 | ---D | C] -- C:\674e2960536ce11b3cce226ace2de33a
[2014/10/01 23:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/10/01 23:28:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2014/10/01 23:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/10/01 12:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\MY PHOTO COLLECTIONS
[2014/10/01 09:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2014/10/01 09:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/09/30 13:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\PROGRAM SETUP FILES
[2014/09/30 13:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Start Menu\Programs\Responsive Software
[2014/09/30 13:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Responsive Software
[2014/09/30 13:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2014/09/27 22:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2014/09/27 13:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\HpUpdate
[2014/09/27 13:28:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2014/09/24 21:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/22 16:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2014/09/20 11:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2014/09/20 11:40:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wayne\My Documents\HP Photo Creations
[2014/09/20 11:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Visan
[2014/09/20 11:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
[2014/09/20 11:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2014/09/20 11:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2014/09/20 11:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\My Setup Files
[2014/09/19 23:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Oracle
[2014/09/19 23:01:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2014/09/19 22:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\Nero Files
[2014/09/19 12:58:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2014/09/18 00:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Local Settings\Application Data\Sun
[2 C:\Documents and Settings\Wayne\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Wayne\Local Settings\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/14 00:39:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2014/10/14 00:38:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C0CFDEAB-609B-4932-A18D-FA7764138099}.job
[2014/10/14 00:27:06 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/10/14 00:22:13 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/10/14 00:20:53 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/10/14 00:20:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/10/14 00:18:26 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/10/13 20:36:25 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2014/10/13 12:31:34 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/10/13 01:55:47 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/10/11 11:41:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/10/10 19:59:10 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Google Talk.lnk
[2014/10/10 18:36:15 | 000,583,422 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/10/10 18:36:15 | 000,106,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/10/02 18:49:17 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/10/01 23:29:22 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2014/10/01 23:29:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2014/10/01 23:29:16 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2014/10/01 23:29:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2014/10/01 09:42:43 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2014/10/01 08:48:51 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014/10/01 08:48:50 | 000,098,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014/10/01 08:41:14 | 000,207,407 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/09/30 13:35:39 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2014/09/30 13:26:48 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Ledger.lnk
[2014/09/29 20:55:50 | 000,000,221 | ---- | M] () -- C:\WINDOWS\NCLogConfig.ini
[2014/09/27 22:09:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/09/27 22:02:57 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2014/09/27 22:02:11 | 000,000,221 | ---- | M] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2014/09/22 11:52:30 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to ISPB-217-12-13Calendar_E.pdf.lnk
[2014/09/22 11:39:23 | 000,155,204 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\ISPB-217-12-13Calendar_E.pdf
[2014/09/21 20:57:23 | 000,002,905 | ---- | M] () -- C:\Documents and Settings\Wayne\My Documents\Untitled Project.nvc
[2014/09/20 11:39:40 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2014/09/19 22:49:49 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2 C:\Documents and Settings\Wayne\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Wayne\Local Settings\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/13 20:36:24 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2014/10/10 19:59:10 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Google Talk.lnk
[2014/10/10 18:27:49 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2014/10/10 18:26:29 | 000,018,248 | ---- | C] () -- C:\WINDOWS\System32\roboot.exe
[2014/10/01 23:29:16 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2014/10/01 23:29:16 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2014/10/01 23:29:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2014/10/01 23:29:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2014/10/01 09:42:43 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2014/09/30 13:26:48 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET
[2014/09/30 13:25:09 | 000,002,517 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Ledger.lnk
[2014/09/29 20:55:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2014/09/27 22:02:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2014/09/27 22:02:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2014/09/22 11:52:30 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to ISPB-217-12-13Calendar_E.pdf.lnk
[2014/09/22 11:39:06 | 000,155,204 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\ISPB-217-12-13Calendar_E.pdf
[2014/09/20 11:39:40 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2014/09/20 11:39:39 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2014/09/19 22:49:49 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/09/14 07:18:20 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/09/02 12:19:49 | 000,951,706 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-2052111302-1177238915-1003-0.dat
[2014/09/02 12:19:47 | 000,137,962 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/09/01 15:04:44 | 000,218,200 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2014/08/26 20:47:04 | 000,112,886 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2014/08/26 20:47:04 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2014/08/25 21:04:32 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\aps.uninstall.scan.results
[2014/08/24 18:55:55 | 000,112,885 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2014/08/24 18:55:55 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2014/08/23 15:14:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2014/08/23 15:13:48 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/21 19:24:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2014/08/21 18:52:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/08/21 18:08:58 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2014/08/20 21:57:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014/08/20 21:51:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2014/08/20 18:43:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2014/08/20 18:42:29 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
 
========== ZeroAccess Check ==========
 
[2014/08/27 12:20:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 09:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/08/21 19:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/08/21 20:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/10/14 00:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2014/09/20 11:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2014/10/10 18:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q
[2014/10/13 20:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Browser Extensions
[2014/08/21 20:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\CrystalIdea Software
[2014/10/12 12:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Image Zone Express
[2014/09/03 09:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\MPC-HC
[2014/09/19 23:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Oracle
[2014/10/10 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\PriceFountain
[2014/10/11 09:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Search Protection
[2014/10/10 18:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Systweak
[2014/09/20 11:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Visan
[2014/08/29 13:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\VOPackage
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

Advertisements


#2
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)




remove%20outdated.jpg Uninstall some programs

We need to uninstall some programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • Advanced System Protector

After completing uninstalls, please manually reboot your machine!



51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    C:\Documents and Settings\Wayne\Application Data\Search Protection;fs
    C:\Documents and Settings\Wayne\Application Data\Browser Extensions;fs
    {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266};c
    resetieproxy;
    C:\WINDOWS\System32\roboot.exe;f
    {46eddf51-a4f6-4476-8d6c-31c5187b2a2f};c
    {84a93d51-b7a9-431e-8ff8-d60e5d7f5df1};c
    {f894a29a-f065-40c3-bb19-da6057778493};c
    [email protected];ff
    {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5};c
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "Browser Extensions"=-;r
    "SearchProtection"=-;r
    "SystweakASP"=-;r
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    ""=-;r
    C:\Program Files\RCP;fs
    C:\Documents and Settings\Wayne\Application Data\PriceFountain;fs
    C:\Documents and Settings\Wayne\Local Settings\Application Data\PriceFountain;fs
    C:\Documents and Settings\Wayne\Application Data\Systweak;fs
    C:\Documents and Settings\Wayne\Application Data\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q;fs
    C:\WINDOWS\tasks\At*.job;f
    autoclean;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


  • 0

#3
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,136 posts

Can't get ZOEK to run keep getting messages indicating error or missing passwords and that program will be terminated


  • 0

#4
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,136 posts

By the way does this problem we are working on have anything to do with Search Protector from Spigot. Inc.?


  • 0

#5
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

Your logs indicate mostly what we call adware and PUPs - potentially undesirable programs. All Spigot soft is considered these so we will remove it.

About ZOEK - make sure that you turned your AV off and please try again. If bit, we will use a different scanner.
  • 0

#6
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,136 posts

Zoek.exe v5.0.0.0 Updated 16-10-2014
Tool run by Wayne on Fri 10/17/2014 at 11:49:00.21.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Wayne\My Documents\Downloads\zoek(1).exe [Scan all users] [Script inserted]

===== Runcheck 11:49:35.60 =====

--- Create Environment Variables 11:49:37.45
--- Create System Restore Point 11:49:43.95
--- Checking Input 11:49:53.46
--- AU AppData Check 11:50:00.39
--- Remove From Windows Installer 11:50:02.81
 


  • 0

#7
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
That's not the complete log. It's only a header.
Wait a bit more.
  • 0

#8
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,136 posts

===== Runcheck 11:49:35.60 =====

--- Create Environment Variables 11:49:37.45
--- Create System Restore Point 11:49:43.95
--- Checking Input 11:49:53.46
--- AU AppData Check 11:50:00.39
--- Remove From Windows Installer 11:50:02.81
--- IE Startpage Check 11:52:08.17
--- Program Files DB Check 11:53:38.98
--- C:\Documents and Settings\Default User\Application Data DB Check 11:55:18.09
--- C:\Documents and Settings\LocalService\Application Data DB Check 11:55:18.09
--- C:\Documents and Settings\NetworkService\Application Data DB Check 11:55:18.09
--- C:\Documents and Settings\Wayne\Application Data DB Check 11:55:18.09
--- C:\WINDOWS\system32\config\systemprofile\Application Data DB Check 11:55:18.09
--- C:\Documents and Settings\Wayne DB Check 11:57:35.25
--- C:\DOCUME~1\ALLUSE~1\APPLIC~1 DB Check 11:57:58.26
--- C:\Documents and Settings\Default User\Local Settings\Application Data DB Check 11:57:59.84
--- C:\Documents and Settings\LocalService\Local Settings\Application Data DB Check 11:57:59.84
--- C:\Documents and Settings\NetworkService\Local Settings\Application Data DB Check 11:57:59.84
--- C:\Documents and Settings\Wayne\Local Settings\Application Data DB Check 11:57:59.84
--- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data DB Check 11:57:59.84
--- C:\Documents and Settings\All Users\Start Menu\Programs DB Check 11:59:21.64
--- C:\Documents and Settings\Wayne\Start Menu\Programs DB Check 11:59:33.62
--- Tasks DB Check 11:59:41.32
--- Tasks2 DB Check 11:59:46.42
 


  • 0

#9
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Ok, something is apparently wrong here.

FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.
  • 0

#10
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP